Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0871

CWE-200 โ€” Information Exposure4 documents4 sources
Severity
4.3MEDIUM
EPSS
15.8%
top 5.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Algo Credit Limits
Timeline
PublishedJul 7
Latest updateMay 14

Description

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

โ–ถNVDibm/algo_credit_limits4.5.0, 4.7.0+1

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-ggwj-625q-9wgf: RICOS in IBM Algo Credit Limits (aka ACLM) 4โ†—2022-05-14
โ–ถ
CVEList
CVE-2014-0871: RICOS in IBM Algo Credit Limits (aka ACLM) 4โ†—2014-07-07
โ–ถ

๐Ÿ’ฅExploits & PoCs

1
Exploit-DB
IBM Algorithmics RICOS 4.5.0 < 4.7.0 - Multiple Vulnerabilitiesโ†—2014-07-01
โ–ถ
CVE-2014-0871 (MEDIUM CVSS 4.3) | RICOS in IBM Algo Credit Limits (ak | cvebase.io