CVE-2014-0868
IBM Algo Credit Limits 4.5.0-4.7.0 - Authenticated Data Modification via Crafted XML Document
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-0868.
AI-analyzed exploit summary
This is a detailed security advisory from SEC Consult Vulnerability Lab describing multiple severe vulnerabilities in IBM Algorithmics RICOS, including information disclosure, password disclosure, XSS, broken encryption, and dual control mechanism bypass. It provides technical details, proof-of-concept examples, and affected versions.
Description
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data.
Exploits (1)