PRIOn knowledge basePRION:CVE-2014-0867

HistoryJul 07, 2014 - 11:01 a.m.

Design/Logic Flaw

2014-07-0711:01:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.005 Low

EPSS

Percentile

76.9%

JSON

rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string.

CPENameOperatorVersion
algo_credit_limitseq4.7.0
algo_credit_limitseq4.5.0

CPE	Name	Operator	Version
	algo_credit_limits	eq	4.7.0
	algo_credit_limits	eq	4.5.0

References

packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html

seclists.org/fulldisclosure/2014/Jun/173

www-01.ibm.com/support/docview.wss?uid=swg21675881

www.securityfocus.com/archive/1/532598/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/90941

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt

6.9 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.005 Low

EPSS

Percentile

76.9%

JSON

Related for PRION:CVE-2014-0867