CVE-2014-0867

IBM Algorithmics <4.7.0.03 FP5 - XSS

Title source: llm

Description

rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string.

Exploits (1)

exploitdb WRITEUP

webappsjsp

https://www.exploit-db.com/exploits/33942

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90941

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/532598/100/0/threaded

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21675881

[Various Sources] https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt

[Mailing List] http://seclists.org/fulldisclosure/2014/Jun/173

Scores

EPSS 0.1545

EPSS Percentile 94.7%

Details

Status published

Products (3)

ibm/algo_credit_limits 4.5.0

ibm/algo_credit_limits 4.7.0

ibm/algorithmics

Published Jul 07, 2014

Tracked Since Feb 18, 2026