ID CVE-2014-0866Type cveReporter NVDModified 2017-08-28T21:34:17
Description
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.
{"title": "CVE-2014-0866", "reporter": "NVD", "published": "2014-07-07T07:01:28", "cpe": ["cpe:/a:ibm:algorithmics:-", "cpe:/a:ibm:algo_credit_limits:4.7.0", "cpe:/a:ibm:algo_credit_limits:4.5.0"], "cvelist": ["CVE-2014-0866"], "viewCount": 0, "objectVersion": "1.3", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0866", "bulletinFamily": "NVD", "hashmap": [{"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4cc16eed7558e366223e7a881e60ffe9", "key": "cpe"}, {"hash": "c5469b50577ee3607421a133605f3102", "key": "cvelist"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "4904278a1c4bd04b5b0d9e92b82b173c", "key": "description"}, {"hash": "6f04493c9be07912def945a391db3b29", "key": "href"}, {"hash": "804ca26714ed3b4d8be86f63c47083c9", "key": "modified"}, {"hash": "aa9382d6981569a641a4086ebf4ab7be", "key": "published"}, {"hash": "2e8b9aad12d18a82600eac8dc10782b7", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "daa68621ea35afcad51d6fc1bba977b9", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "history": [{"bulletin": {"reporter": "NVD", "published": "2014-07-07T07:01:28", "cvelist": ["CVE-2014-0866"], "title": "CVE-2014-0866", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0866", "bulletinFamily": "NVD", "id": "CVE-2014-0866", "history": [], "scanner": [], "cpe": ["cpe:/a:ibm:algorithmics:-", "cpe:/a:ibm:algo_credit_limits:4.7.0", "cpe:/a:ibm:algo_credit_limits:4.5.0"], "modified": "2014-07-07T12:41:48", "hash": "851df9f0caad29a11501fe20b471d864bc136edb254fda02616a4d669a8a0f6c", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "viewCount": 0, "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg21675881", "http://xforce.iss.net/xforce/xfdb/90940", "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "c67d13857239265fd9931f12ad06df78", "key": "references"}, {"hash": "6f04493c9be07912def945a391db3b29", "key": "href"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "04a6dd372d26f587c66d66451e5ab105", "key": "modified"}, {"hash": "daa68621ea35afcad51d6fc1bba977b9", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "4cc16eed7558e366223e7a881e60ffe9", "key": "cpe"}, {"hash": "c5469b50577ee3607421a133605f3102", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4904278a1c4bd04b5b0d9e92b82b173c", "key": "description"}, {"hash": "aa9382d6981569a641a4086ebf4ab7be", "key": "published"}], "lastseen": "2016-09-03T19:57:02", "description": "RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network."}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T19:57:02"}, {"bulletin": {"reporter": "NVD", "published": "2014-07-07T07:01:28", "cvelist": ["CVE-2014-0866"], "title": "CVE-2014-0866", "objectVersion": "1.2", "description": "RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0866", "bulletinFamily": "NVD", "id": "CVE-2014-0866", "history": [], "scanner": [], "enchantments": {}, "modified": "2017-01-06T21:59:34", "hash": "79e6faa583d2a4df3516d81a6eb5400cd95465084e58ac77baa69996d48ed848", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "viewCount": 0, "edition": 2, "cpe": ["cpe:/a:ibm:algorithmics:-", "cpe:/a:ibm:algo_credit_limits:4.7.0", "cpe:/a:ibm:algo_credit_limits:4.5.0"], "references": ["http://www.securityfocus.com/archive/1/archive/1/532598/100/0/threaded", "http://www-01.ibm.com/support/docview.wss?uid=swg21675881", "http://xforce.iss.net/xforce/xfdb/90940", "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt", "http://seclists.org/fulldisclosure/2014/Jun/173"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6f04493c9be07912def945a391db3b29", "key": "href"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "daa68621ea35afcad51d6fc1bba977b9", "key": "title"}, {"hash": "292ca8f7621a2484425df29bb84bf26b", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "4cc16eed7558e366223e7a881e60ffe9", "key": "cpe"}, {"hash": "c5469b50577ee3607421a133605f3102", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4904278a1c4bd04b5b0d9e92b82b173c", "key": "description"}, {"hash": "36e5f0b293838f84ca6c1628f0c24984", "key": "modified"}, {"hash": "aa9382d6981569a641a4086ebf4ab7be", "key": "published"}], "lastseen": "2017-04-18T15:54:29", "assessment": {"name": "", "href": "", "system": ""}}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:54:29"}], "scanner": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "modified": "2017-08-28T21:34:17", "hash": "b9a4556e67226a74dbf506742644521509675fda56565d2df360e92586148e08", "enchantments": {"vulnersScore": 5.0}, "edition": 3, "description": "RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.", "references": ["http://www.securityfocus.com/archive/1/archive/1/532598/100/0/threaded", "http://www-01.ibm.com/support/docview.wss?uid=swg21675881", "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt", "https://exchange.xforce.ibmcloud.com/vulnerabilities/90940", "http://seclists.org/fulldisclosure/2014/Jun/173"], "id": "CVE-2014-0866", "lastseen": "2017-08-29T10:48:07", "assessment": {"name": "", "href": "", "system": ""}}
{"result": {"seebug": [{"id": "SSV:87112", "type": "seebug", "title": "IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities", "description": "No description provided by source.", "published": "2014-07-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-87112", "cvelist": ["CVE-2014-0864", "CVE-2014-0865", "CVE-2014-0866", "CVE-2014-0867", "CVE-2014-0868", "CVE-2014-0869", "CVE-2014-0870", "CVE-2014-0871", "CVE-2014-0894"], "lastseen": "2017-11-19T13:21:36"}], "exploitdb": [{"id": "EDB-ID:33942", "type": "exploitdb", "title": "IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities", "description": "IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities. CVE-2014-0864,CVE-2014-0865,CVE-2014-0866,CVE-2014-0867,CVE-2014-0868,CVE-2014-0869,CVE-2014...", "published": "2014-07-01T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/33942/", "cvelist": ["CVE-2014-0867", "CVE-2014-0870", "CVE-2014-0871", "CVE-2014-0868", "CVE-2014-0894", "CVE-2014-0869", "CVE-2014-0865", "CVE-2014-0866", "CVE-2014-0864"], "lastseen": "2016-02-03T20:10:13"}], "packetstorm": [{"id": "PACKETSTORM:127304", "type": "packetstorm", "title": "IBM Algorithmics RICOS Disclosure / XSS / CSRF", "description": "", "published": "2014-06-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", "cvelist": ["CVE-2014-0867", "CVE-2014-0870", "CVE-2014-0871", "CVE-2014-0868", "CVE-2014-0894", "CVE-2014-0869", "CVE-2014-0865", "CVE-2014-0866", "CVE-2014-0864"], "lastseen": "2016-12-05T22:23:13"}]}}
