CVE-2015-0127

{"id": "CVE-2015-0127", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-06-28T22:59:05.207", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902807", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-254"}]}], "descriptions": [{"lang": "en", "value": "IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks via a crafted web site."}, {"lang": "es", "value": "IBM Leads 7.x, 8.1.0 anterior a 8.1.0.14, 8.2, 8.5.0 anterior a 8.5.0.7.3, 8.6.0 anterior a 8.6.0.8.1, 9.0.0 hasta 9.0.0.4, 9.1.0 anterior a 9.1.0.6.1, y 9.1.1 anterior a 9.1.1.0.2 no restringe correctamente el uso de los elementos FRAME, lo que permite a usuarios remotos autenticados realizar ataques de phishing a trav\u00e9s de un sitio web manipulado."}], "lastModified": "2015-06-29T16:30:08.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:leads:7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCBAD574-7359-4277-8ECA-0D074634AE3E"}, {"criteria": "cpe:2.3:a:ibm:leads:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6ABA9D9-CECA-4F65-8850-8E934118997C"}, {"criteria": "cpe:2.3:a:ibm:leads:7.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C0983C0-8A4E-4EA5-8B4C-AEB7629CDC07"}, {"criteria": "cpe:2.3:a:ibm:leads:8.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DCE555E-DF69-4C23-971B-C11E14BB6EB1"}, {"criteria": "cpe:2.3:a:ibm:leads:8.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A706D50A-92BC-4D8D-8403-21686327ADF9"}, {"criteria": "cpe:2.3:a:ibm:leads:8.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F99462BD-3942-4C49-B6A4-FD95CEE64629"}, {"criteria": "cpe:2.3:a:ibm:leads:8.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E128B3BE-BB38-4790-952B-A12F25A4D591"}, {"criteria": "cpe:2.3:a:ibm:leads:9.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDF0432E-9A53-462E-9CEA-957C629BA125"}, {"criteria": "cpe:2.3:a:ibm:leads:9.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04EE5483-58FA-4B68-B5CB-74CEF748CCC9"}, {"criteria": "cpe:2.3:a:ibm:leads:9.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F830E08-F5DE-4A69-89F4-1BA4DF225A9E"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}