CVE-2014-0866

Published: Jul 7, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected (3)

Products: Ibm: Algo Credit Limits, Algorithmics

Ibm

2 products

Algo Credit Limits

Algorithmics

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Algo Credit Limits	Version 4.5.0
Ibm Algo Credit Limits	Version 4.7.0
Ibm Algorithmics	All versions

Related CWEs

CWE-310

References (12)

http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html

Source: psirt@us.ibm.com

http://seclists.org/fulldisclosure/2014/Jun/173

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21675881

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/archive/1/532598/100/0/threaded

Source: psirt@us.ibm.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/90940

Source: psirt@us.ibm.com

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt

Source: psirt@us.ibm.com

http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html