Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0869

CWE-3104 documents4 sources
Severity
4.3MEDIUM
EPSS
18.5%
top 4.75%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Algo Credit Limits
Timeline
PublishedJul 7
Latest updateMay 14

Description

The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/algo_credit_limits4.5.0, 4.7.0+1

🔴Vulnerability Details

2
GHSA
GHSA-447w-r8fj-xjcc: The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 42022-05-14
CVEList
CVE-2014-0869: The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 42014-07-07

💥Exploits & PoCs

1
Exploit-DB
IBM Algorithmics RICOS 4.5.0 < 4.7.0 - Multiple Vulnerabilities2014-07-01
CVE-2014-0869 (MEDIUM CVSS 4.3) | The decrypt function in RICOS in IB | cvebase.io