CVE-2014-0894

IBM Algo Credit Limits 4.5.0-4.7.0 - Exposure of Sensitive Information via XML Document

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0894. PoCs published by SEC Consult.

AI-analyzed exploit summary This is a detailed security advisory from SEC Consult describing multiple vulnerabilities in IBM Algorithmics RICOS, including information disclosure, password disclosure, XSS, broken encryption, and more. It provides technical details, proof-of-concept examples, and affected versions.

Description

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.

Exploits (1)

exploitdb WRITEUP

by SEC Consult · textwebappsjsp

https://www.exploit-db.com/exploits/33942

View Code ZIP pw:eip

This is a detailed security advisory from SEC Consult describing multiple vulnerabilities in IBM Algorithmics RICOS, including information disclosure, password disclosure, XSS, broken encryption, and more. It provides technical details, proof-of-concept examples, and affected versions.

Classification

Writeup 100%

Attack Type

Info Leak | Auth Bypass | Xss | Other

Complexity

Moderate

Reliability

Reliable

Target: IBM Algorithmics RICOS 4.5.0 - 4.7.0

No auth needed

Prerequisites: Access to the target system or network

MITRE ATT&CK