Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0865

CWE-20 โ€” Improper Input Validation4 documents4 sources
Severity
4.9MEDIUM
EPSS
8.5%
top 7.64%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Algo Credit Limits
Timeline
PublishedJul 7
Latest updateMay 14

Description

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via crafted serialized objects, as demonstrated by limit manipulations.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 6.8 | Impact: 4.9

Affected Packages1 packages

โ–ถNVDibm/algo_credit_limits4.5.0, 4.7.0+1

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-24qp-pvw9-442x: RICOS in IBM Algo Credit Limits (aka ACLM) 4โ†—2022-05-14
โ–ถ
CVEList
CVE-2014-0865: RICOS in IBM Algo Credit Limits (aka ACLM) 4โ†—2014-07-07
โ–ถ

๐Ÿ’ฅExploits & PoCs

1
Exploit-DB
IBM Algorithmics RICOS 4.5.0 < 4.7.0 - Multiple Vulnerabilitiesโ†—2014-07-01
โ–ถ
CVE-2014-0865 (MEDIUM CVSS 4.9) | RICOS in IBM Algo Credit Limits (ak | cvebase.io