CVE-2014-0865

IBM Algo Credit Limits 4.5.0-4.7.0 - Authenticated Data Modification via Serialized Object Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0865.

AI-analyzed exploit summary This is a detailed technical writeup from SEC Consult Vulnerability Lab describing multiple severe vulnerabilities in IBM Algorithmics RICOS, including CVE-2014-0865. It provides in-depth analysis, proof-of-concept examples, and technical details for each vulnerability, such as password disclosure, XSS, broken encryption, and client-side input validation bypass.

Description

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via crafted serialized objects, as demonstrated by limit manipulations.

Exploits (1)

exploitdb WRITEUP

webappsjsp

https://www.exploit-db.com/exploits/33942

View Code ZIP pw:eip

This is a detailed technical writeup from SEC Consult Vulnerability Lab describing multiple severe vulnerabilities in IBM Algorithmics RICOS, including CVE-2014-0865. It provides in-depth analysis, proof-of-concept examples, and technical details for each vulnerability, such as password disclosure, XSS, broken encryption, and client-side input validation bypass.

Classification

Writeup 100%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: IBM Algorithmics RICOS 4.5.0 - 4.7.0

No auth needed

Prerequisites: Access to the RICOS web interface or fat client · Network access to intercept or craft requests

MITRE ATT&CK