CVE-2014-0867
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
77.5%
rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | algo_credit_limits | 4.5.0 | cpe:2.3:a:ibm:algo_credit_limits:4.5.0:*:*:*:*:*:*:* |
| ibm | algo_credit_limits | 4.7.0 | cpe:2.3:a:ibm:algo_credit_limits:4.7.0:*:*:*:*:*:*:* |
| ibm | algorithmics | - | cpe:2.3:a:ibm:algorithmics:-:*:*:*:*:*:*:* |
References
packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html
seclists.org/fulldisclosure/2014/Jun/173
www-01.ibm.com/support/docview.wss?uid=swg21675881
www.securityfocus.com/archive/1/532598/100/0/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/90941
www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
77.5%