CVE-2014-0866
Summary
| CVE | CVE-2014-0866 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-07-07 11:01:00 UTC |
| Updated | 2018-10-09 19:42:00 UTC |
| Description | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network. |
Risk And Classification
Problem Types: CWE-310
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Algorithmics | - | All | All | All |
| Application | Ibm | Algorithmics | - | All | All | All |
| Application | Ibm | Algo Credit Limits | 4.5.0 | All | All | All |
| Application | Ibm | Algo Credit Limits | 4.7.0 | All | All | All |
| Application | Ibm | Algo Credit Limits | 4.5.0 | All | All | All |
| Application | Ibm | Algo Credit Limits | 4.7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM Security Bulletin: Multiple Security Vulnerabilities in Certain GUI Components of IBM Algo Credit Limits. - United States | CONFIRM | www-01.ibm.com | Vendor Advisory |
| Vulnerability Lab - SEC Consult | MISC | www.sec-consult.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Full Disclosure: SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS | FULLDISC | seclists.org | |
| IBM Algorithmics RICOS Disclosure / XSS / CSRF ≈ Packet Storm | MISC | packetstormsecurity.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.