{ "id": "CVE-2015-0115", "sourceIdentifier": "psirt@us.ibm.com", "published": "2015-06-28T22:59:01.643", "lastModified": "2015-06-29T16:26:26.923", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to hijack the authentication of customer accounts." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en IBM Leads 7.x, 8.1.0 anterior a 8.1.0.14, 8.2, 8.5.0 anterior a 8.5.0.7.3, 8.6.0 anterior a 8.6.0.8.1, 9.0.0 hasta 9.0.0.4, 9.1.0 anterior a 9.1.0.6.1, y 9.1.1 anterior a 9.1.1.0.2 permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de cuentas de clientes." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.8, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-352" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:leads:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCBAD574-7359-4277-8ECA-0D074634AE3E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:leads:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6ABA9D9-CECA-4F65-8850-8E934118997C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:leads:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C0983C0-8A4E-4EA5-8B4C-AEB7629CDC07" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:leads:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DCE555E-DF69-4C23-971B-C11E14BB6EB1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:leads:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A706D50A-92BC-4D8D-8403-21686327ADF9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:leads:8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F99462BD-3942-4C49-B6A4-FD95CEE64629" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:leads:8.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E128B3BE-BB38-4790-952B-A12F25A4D591" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:leads:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDF0432E-9A53-462E-9CEA-957C629BA125" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:leads:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "04EE5483-58FA-4B68-B5CB-74CEF748CCC9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:leads:9.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8F830E08-F5DE-4A69-89F4-1BA4DF225A9E" } ] } ] } ], "references": [ { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902807", "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ] } ] }