Vulnerability Description
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Algo Credit Limits | 4.5.0 |
| Ibm | Algorithmics | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XS
- http://seclists.org/fulldisclosure/2014/Jun/173
- http://www-01.ibm.com/support/docview.wss?uid=swg21675881Vendor Advisory
- http://www.securityfocus.com/archive/1/532598/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90940
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-
- http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XS
- http://seclists.org/fulldisclosure/2014/Jun/173
- http://www-01.ibm.com/support/docview.wss?uid=swg21675881Vendor Advisory
- http://www.securityfocus.com/archive/1/532598/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90940
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-
FAQ
What is CVE-2014-0866?
CVE-2014-0866 is a vulnerability with a CVSS score of 4.3 (MEDIUM). RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive informat...
How severe is CVE-2014-0866?
CVE-2014-0866 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0866?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Algo Credit Limits, Ibm Algorithmics.