
8 matches found

added 2014/07/07 10:0 a.m. | 59 views

CVE-2014-0869

CVE-2014-0869 affects IBM Algorithmics RICOS (ACLM) Web/GUI components in ACLM versions 4.5.0–4.7.0. The vulnerability is due to a decrypt function in RICOS that does not require a cryptographic key, allowing remote attackers who can sniff network traffic to supply a string argument and obtain c...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.18523

added 2014/07/07 10:0 a.m. | 55 views

CVE-2014-0865

CVE-2014-0865 affects IBM Algorithmics RICOS (Algo Credit Limits) Web/Fat-Client UI components. The vulnerability stems from the product relying on client-side input validation, allowing an authenticated user to bypass dual-control restrictions and modify data (e.g., limits) via crafted serialize...

CVSS: 4.9 | AI score: 6 | EPSS: 0.08481

added 2014/07/07 10:0 a.m. | 54 views

CVE-2014-0868

CVE-2014-0868 affects IBM Algorithmics RICOS (versions 4.5.0–4.7.0) where the web client relies on client‑side input validation. This enables remote authenticated users to bypass dual‑control restrictions and modify data by manipulating an XML document, as demonstrated by altering read‑only limit...

CVSS: 4.9 | AI score: 5.9 | EPSS: 0.09599

added 2014/07/07 10:0 a.m. | 51 views

CVE-2014-0866

CVE-2014-0866 affects IBM Algo Credit Limits (RICOS) 4.5.0–4.7.0; the SEC/IBM advisories describe plaintext submission of passwords over HTTP by the RICOS fat client (and unencrypted auth in the Blotter), enabling an attacker on the network to capture credentials. The IBM remediation is patch 4.7...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.18523

added 2014/07/07 10:0 a.m. | 51 views

CVE-2014-0894

CVE-2014-0894 affects the ACLM Web GUI of IBM Algo Credit Limits (RICOS ACLM) versions 4.5.0–4.7.0. The root cause is disclosure of database credentials (DbUser/DbPass) in clear text within an XML document read by the GUI, enabling an attacker to connect to the backend database and manipul...

CVSS: 3.5 | AI score: 6.2 | EPSS: 0.11892

added 2014/07/07 10:0 a.m. | 46 views

CVE-2014-0867

CVE-2014-0867 affects IBM Algo Credit Limits (RICOS) Web GUI, specifically rcore6/main/addcookie.jsp. The root cause is that a page in ACLM Web GUI could set/overwrite cookies for a user via manipulated links, enabling Cross-Site Cookie Setting. Affected versions are IBM Algo Credit Limits 4.5.0–...

CVSS: 5.8 | AI score: 6.4 | EPSS: 0.1545
Web

added 2014/07/07 10:0 a.m. | 46 views

CVE-2014-0870

CVE-2014-0870 is an XSS vulnerability in IBM Algorithmics RICOS (ACLM) 4.5.0–4.7.0. The issue arises from unsanitized user-controllable input being reflected in the ACLM Web GUI and related UI components (examples include parameters in rcore6/main/showerror.jsp, buttonset.jsp, frameset.jsp, brow...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.09403
Web

added 2014/07/07 10:0 a.m. | 45 views

CVE-2014-0871

CVE-2014-0871 affects IBM Algorithmics RICOS (ACLM) versions 4.5.0–4.7.0. The issue allows information disclosure via Tomcat error messages that leak environment details, triggered by non-printing characters (e.g., 0x00) in a cookie to the /classes/ URI. IBM’s SEC Consult advisory and the IBM Se...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.15752
Web