CVE-2014-0866

Current Description

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.

Basic Data

Published: July 07, 2014
Last Modified: October 09, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-310
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
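    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Ibm | Algo Credit Limits | 4.5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Algo Credit Limits | 4.7.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Algorithmics | - | * | * | * | * | * | * | * | | | | |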

Vulnerable Software List

| Vendor | Product | Versions |
| Ibm | Algo Credit Limits | 4.5.0, 4.7.0 |
| Ibm | Algorithmics | - |

References

| Name | Source | URL | Tags |
| http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html | MISC | http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html | |
| 20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS | FULLDISC | http://seclists.org/fulldisclosure/2014/Jun/173 | |
| 20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS | BUGTRAQ | http://www.securityfocus.com/archive/1/532598/100/0/threaded | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21675881 | CONFIRM | http://www-01.ibm.com/support/docview.wss?uid=swg21675881 | Vendor Advisory |
| ibm-aclm-cve20140866-plaintext(90940) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/90940 | |
| https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt | MISC | https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt | |