CVE-2014-0867
CVE-2014-0867
rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.htmlunverifiedexploitdbwww.exploit-db.com/exploits/33942unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.htmlhttp://seclists.org/fulldisclosure/2014/Jun/173https://exchange.xforce.ibmcloud.com/vulnerabilities/90941https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txthttp://www-01.ibm.com/support/docview.wss?uid=swg21675881http://www.securityfocus.com/archive/1/532598/100/0/threaded