Lucene search
IbmCVELIST:CVE-2014-0869HistoryJul 07, 2014 - 10:00 a.m.
CVE-2014-0869
2014-07-0710:00:00
ibm
www.cve.org
1
The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function.
References
packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html
seclists.org/fulldisclosure/2014/Jun/173
www-01.ibm.com/support/docview.wss?uid=swg21675881
www.securityfocus.com/archive/1/532598/100/0/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/90943
www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt
Related
cve
cve
CVE-2014-0869
2014-07-07 11:01:28
prion
prion
Design/Logic Flaw
2014-07-07 11:01:00
nvd
nvd
CVE-2014-0869
2014-07-07 11:01:28
ibm
ibm
seebug
seebug
IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities
2014-07-02 00:00:00
securityvulns
securityvulns
IBM Algorithmics RICOS multiple security vulnerabilities
2014-10-16 00:00:00
packetstorm
packetstorm
IBM Algorithmics RICOS Disclosure / XSS / CSRF
2014-06-30 00:00:00
exploitpack
exploitpack
IBM Algorithmics RICOS 4.5.0 4.7.0 - Multiple Vulnerabilities
2014-07-01 00:00:00
exploitdb
exploitdb
IBM Algorithmics RICOS 4.5.0 < 4.7.0 - Multiple Vulnerabilities
2014-07-01 00:00:00