CVE-2014-0866

IBM Algo Credit Limits - Cryptographic Issue

Title source: rule

Description

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.

Exploits (1)

exploitdb WRITEUP

webappsjsp

https://www.exploit-db.com/exploits/33942

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/532598/100/0/threaded

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21675881

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90940

[Various Sources] https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt

[Mailing List] http://seclists.org/fulldisclosure/2014/Jun/173

Scores

EPSS 0.1852

EPSS Percentile 95.3%

Details

CWE

CWE-310

Status published

Products (3)

ibm/algo_credit_limits 4.5.0

ibm/algo_credit_limits 4.7.0

ibm/algorithmics

Published Jul 07, 2014

Tracked Since Feb 18, 2026