CVE-2014-0867

Published: Jul 7, 2014Modified: May 6, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string.

Affected (3)

Products: Ibm: Algo Credit Limits, Algorithmics

Ibm

2 products

Algo Credit Limits

Algorithmics

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Algo Credit Limits	Version 4.5.0
Ibm Algo Credit Limits	Version 4.7.0
Ibm Algorithmics	All versions

References (12)

http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html

Source: psirt@us.ibm.com

http://seclists.org/fulldisclosure/2014/Jun/173

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21675881

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/archive/1/532598/100/0/threaded

Source: psirt@us.ibm.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/90941

Source: psirt@us.ibm.com

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt

Source: psirt@us.ibm.com

http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html