CVE-2014-0864
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
73.6%
Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal’s currency or (2) a limit via a crafted XML document.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | algo_credit_limits | 4.5.0 | cpe:2.3:a:ibm:algo_credit_limits:4.5.0:*:*:*:*:*:*:* |
| ibm | algo_credit_limits | 4.7.0 | cpe:2.3:a:ibm:algo_credit_limits:4.7.0:*:*:*:*:*:*:* |
References
packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html
seclists.org/fulldisclosure/2014/Jun/173
secunia.com/advisories/59296
www-01.ibm.com/support/docview.wss?uid=swg21675881
www.securityfocus.com/archive/1/532598/100/0/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/90938
www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
73.6%