CVE-2014-0866

2014-07-0711:01:28

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.003

Percentile

71.6%

JSON

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected configurations

Nvd

Node

ibmalgo_credit_limitsMatch4.5.0

ibmalgo_credit_limitsMatch4.7.0

ibmalgorithmicsMatch-

VendorProductVersionCPE
ibmalgo_credit_limits4.5.0cpe:2.3:a:ibm:algo_credit_limits:4.5.0:*:*:*:*:*:*:*
ibmalgo_credit_limits4.7.0cpe:2.3:a:ibm:algo_credit_limits:4.7.0:*:*:*:*:*:*:*
ibmalgorithmics-cpe:2.3:a:ibm:algorithmics:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	algo_credit_limits	4.5.0	cpe:2.3:a:ibm:algo_credit_limits:4.5.0:::::::*
ibm	algo_credit_limits	4.7.0	cpe:2.3:a:ibm:algo_credit_limits:4.7.0:::::::*
ibm	algorithmics	-	cpe:2.3:a:ibm:algorithmics:-:::::::*