QwikSec

Security Database

CVE

CWE

Training

CVE-2014-0868

Published: Jul 7, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html

x_refsource_MISC

ibm-aclm-cve20140868-sec-bypass(90942)

vdb-entry

x_refsource_XF

20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21675881

x_refsource_CONFIRM

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt

x_refsource_MISC

20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.