History: Jul 07, 2014 - 11:01 a.m.

CVE-2014-0864

2014-07-07 11:01:28
CWE-352
ibm
web.nvd.nist.gov
38
cve-2014-0864
csrf
ibm algo credit limits
ricos
ibm algorithmics
security vulnerability
xml document
remote attack

CVSS2: 6.8

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 7.1
Confidence: Low

EPSS: 0.004
Percentile: 73.6%

Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal’s currency or (2) a limit via a crafted XML document.

Affected configurations

Nvd
Node
ibm algo_credit_limits Match 4.5.0
OR
ibm algo_credit_limits Match 4.7.0

Vendor | Product | Version | CPE
ibm | algo_credit_limits | 4.5.0 | cpe:2.3:a:ibm:algo_credit_limits:4.5.0:*:*:*:*:*:*:*
ibm | algo_credit_limits | 4.7.0 | cpe:2.3:a:ibm:algo_credit_limits:4.7.0:*:*:*:*:*:*:*
