Vulnerabilities > CVE-2014-0866 - Cryptographic Issues vulnerability in IBM Algo Credit Limits and Algorithmics

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
ibm
CWE-310
exploit available
NVD
Published: 2014-07-07
Updated: 2018-10-09

Summary

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.

Vulnerable Configurations

Part Description Count
Application
Ibm
3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Exploit-Db

descriptionIBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities. CVE-2014-0864,CVE-2014-0865,CVE-2014-0866,CVE-2014-0867,CVE-2014-0868,CVE-2014-0869,CVE-2014...
idEDB-ID:33942
last seen2016-02-03
modified2014-07-01
published2014-07-01
reporterSEC Consult
sourcehttps://www.exploit-db.com/download/33942/
titleIBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/127304/SA-20140630-0.txt
idPACKETSTORM:127304
last seen2016-12-05
published2014-06-30
reporterF. Lukavsky
sourcehttps://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html
titleIBM Algorithmics RICOS Disclosure / XSS / CSRF

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:87112
last seen2017-11-19
modified2014-07-02
published2014-07-02
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-87112
titleIBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities

References