Security feature bypass

2014-03-0511:55:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.6%

JSON

IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network.

CPENameOperatorVersion
algo_oneeq5.0.0
algo_oneeq4.9.1
algo_oneeq4.7.1
algo_oneeq4.7.0
algo_oneeq4.9.0
algo_oneeq4.8.0

Name	Operator	Version
algo_one	eq	5.0.0
algo_one	eq	4.9.1
algo_one	eq	4.7.1
algo_one	eq	4.7.0
algo_one	eq	4.9.0
algo_one	eq	4.8.0

References

www-01.ibm.com/support/docview.wss?uid=swg21666110

exchange.xforce.ibmcloud.com/vulnerabilities/88382