Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0894Sensitive Information Exposure in IBM Algo Credit Limits

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
3.5LOWNVD
EPSS
11.9%
top 6.24%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Algo Credit Limits
Timeline
PublishedJul 7
Latest updateMay 14

Description

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDibm/algo_credit_limits4.5.0, 4.7.0+1

🔴Vulnerability Details

2
GHSA
GHSA-wx6m-r4jc-mfvw: RICOS in IBM Algo Credit Limits (aka ACLM) 42022-05-14
CVEList
CVE-2014-0894: RICOS in IBM Algo Credit Limits (aka ACLM) 42014-07-07

💥Exploits & PoCs

1
Exploit-DB
IBM Algorithmics RICOS 4.5.0 < 4.7.0 - Multiple Vulnerabilities2014-07-01
CVE-2014-0894 — Sensitive Information Exposure in IBM | cvebase