Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0868

Severity
4.9 MEDIUM
EPSS
9.6%
top 7.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jul 7
Latest update: May 14

Description

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data.

CVSS vector

AV:N/AC:M/C:N/I:P/A:P
Exploitability: 6.8 | Impact: 4.9

Affected Packages: 1 package

NVD: ibm/algo_credit_limits 4.5.0, 4.7.0 +1

Vulnerability Details (2)
GHSA
GHSA-wg8v-cggr-5vm6: RICOS in IBM Algo Credit Limits (aka ACLM) 4 (2022-05-14)
CVEList
CVE-2014-0868: RICOS in IBM Algo Credit Limits (aka ACLM) 4 (2014-07-07)

Exploits & PoCs (1)
Exploit-DB
IBM Algorithmics RICOS 4.5.0 < 4.7.0 - Multiple Vulnerabilities (2014-07-01)