CVE-2014-0894

Published: Jul 7, 2014Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.

Affected (3)

Products: Ibm: Algo Credit Limits, Algorithmics

Ibm

2 products

Algo Credit Limits

Algorithmics

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Algo Credit Limits	Version 4.5.0
Ibm Algo Credit Limits	Version 4.7.0
Ibm Algorithmics	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html

Source: psirt@us.ibm.com

http://seclists.org/fulldisclosure/2014/Jun/173

Source: psirt@us.ibm.com

http://secunia.com/advisories/59296

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21675881

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/archive/1/532598/100/0/threaded

Source: psirt@us.ibm.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/91313

Source: psirt@us.ibm.com

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt

Source: psirt@us.ibm.com

Exploit

http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html