CVE-2015-0127

Published: Jun 28, 2015Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks via a crafted web site.

Affected (10)

Products: Ibm: Leads

Ibm

1 product

Leads

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Ibm Leads	Version 7.1.0
Ibm Leads	Version 7.1.1
Ibm Leads	Version 7.5.0
Ibm Leads	Version 8.1.0
Ibm Leads	Version 8.2.0
Ibm Leads	Version 8.5.0
Ibm Leads	Version 8.6.0
Ibm Leads	Version 9.0.0
Ibm Leads	Version 9.1.0
Ibm Leads	Version 9.1.1

Related CWEs

CWE-254

References (2)

http://www-01.ibm.com/support/docview.wss?uid=swg21902807

Source: psirt@us.ibm.com

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21902807

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.