CVE-2014-0866

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt
http://www-01.ibm.com/support/docview.wss?uid=swg21675881	Vendor Advisory
http://seclists.org/fulldisclosure/2014/Jun/173
http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/90940
http://www.securityfocus.com/archive/1/532598/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:algorithmics:-:::::::*
	cpe:2.3:a:ibm:algo_credit_limits:4.5.0:::::::*
	cpe:2.3:a:ibm:algo_credit_limits:4.7.0:::::::*

Information

Published : 2014-07-07 11:01

Updated : 2018-10-09 19:42

NVD link : CVE-2014-0866

Mitre link : CVE-2014-0866

JSON object : View

Products Affected

ibm

algorithmics
algo_credit_limits

CWE

CWE-310

Cryptographic Issues

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt", "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt", "tags": [], "refsource": "MISC"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://seclists.org/fulldisclosure/2014/Jun/173", "name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", "tags": [], "refsource": "FULLDISC"}, {"url": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", "name": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", "tags": [], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90940", "name": "ibm-aclm-cve20140866-plaintext(90940)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/532598/100/0/threaded", "name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-0866", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-07-07T11:01Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:algorithmics:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:algo_credit_limits:4.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:algo_credit_limits:4.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-09T19:42Z"}