CVE-2015-0126

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-0126
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to bypass intended file-upload restrictions via a modified extension.

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21902807 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21902807 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:leads:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:8.6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:9.1.1:*:*:*:*:*:*:*
History

21 Nov 2024, 02:22

Type Values Removed Values Added
References () http://www-01.ibm.com/support/docview.wss?uid=swg21902807 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21902807 - Vendor Advisory
Information

Published : 2015-06-28 22:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-0126

Mitre link : CVE-2015-0126

CVE.ORG link : CVE-2015-0126

JSON object : View

Products Affected

ibm

  • leads
CWE
NVD-CWE-Other