Описание
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to bypass intended file-upload restrictions via a modified extension.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:leads:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:8.6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:leads:9.1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00191
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to bypass intended file-upload restrictions via a modified extension.
EPSS
Процентиль: 41%
0.00191
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other