CVE-2014-0894
CVE-2014-0894
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.htmlunverifiedexploitdbwww.exploit-db.com/exploits/33942unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.htmlhttp://seclists.org/fulldisclosure/2014/Jun/173http://secunia.com/advisories/59296https://exchange.xforce.ibmcloud.com/vulnerabilities/91313https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txthttp://www-01.ibm.com/support/docview.wss?uid=swg21675881http://www.securityfocus.com/archive/1/532598/100/0/threaded