Vulnerabilities > CVE-2014-0867 - Security Bypass vulnerability in IBM Algo Credit Limits
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities. CVE-2014-0864,CVE-2014-0865,CVE-2014-0866,CVE-2014-0867,CVE-2014-0868,CVE-2014-0869,CVE-2014... |
id | EDB-ID:33942 |
last seen | 2016-02-03 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | SEC Consult |
source | https://www.exploit-db.com/download/33942/ |
title | IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities |
Packetstorm
data source | https://packetstormsecurity.com/files/download/127304/SA-20140630-0.txt |
id | PACKETSTORM:127304 |
last seen | 2016-12-05 |
published | 2014-06-30 |
reporter | F. Lukavsky |
source | https://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html |
title | IBM Algorithmics RICOS Disclosure / XSS / CSRF |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:87112 |
last seen | 2017-11-19 |
modified | 2014-07-02 |
published | 2014-07-02 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-87112 |
title | IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities |
References
- http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html
- http://seclists.org/fulldisclosure/2014/Jun/173
- http://www.securityfocus.com/archive/1/532598/100/0/threaded
- http://www-01.ibm.com/support/docview.wss?uid=swg21675881
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90941
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt