CVE-2014-0870

IBM Algo Credit Limits 4.5.0-4.7.0 - Cross-Site Scripting via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0870.

AI-analyzed exploit summary This is a detailed security advisory from SEC Consult Vulnerability Lab describing multiple vulnerabilities in IBM Algorithmics RICOS, including XSS, password disclosure, and broken encryption. It provides technical details, proof-of-concept examples, and affected versions.

Description

Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrary web script or HTML via (1) the Message parameter to rcore6/main/showerror.jsp, (2) the ButtonsetClass parameter to rcore6/main/buttonset.jsp, (3) the MBName parameter to rcore6/frameset.jsp, (4) the Init parameter to algopds/rcore6/main/browse.jsp, or the (5) Name, (6) StoreName, or (7) STYLESHEET parameter to algopds/rcore6/main/ibrowseheader.jsp.

Exploits (1)

exploitdb WRITEUP

webappsjsp

https://www.exploit-db.com/exploits/33942

View Code ZIP pw:eip

This is a detailed security advisory from SEC Consult Vulnerability Lab describing multiple vulnerabilities in IBM Algorithmics RICOS, including XSS, password disclosure, and broken encryption. It provides technical details, proof-of-concept examples, and affected versions.

Classification

Writeup 100%

Attack Type

Info Leak | Xss | Auth Bypass | Other

Complexity

Moderate

Reliability

Reliable

Target: IBM Algorithmics RICOS 4.5.0 - 4.7.0

No auth needed

Prerequisites: Network access to the target system · Web browser or HTTP client to send crafted requests

MITRE ATT&CK