Cross-Site Request Forgery Vulnerabilities in IBM Algorithmics RICOS
CVE-2014-0864
Currently unrated
Summary
IBM Algorithmics RICOS contains multiple cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to hijack the authentication of arbitrary users under certain conditions. By constructing a malicious XML document, an attacker can cause unauthorized requests to be executed, such as changing a deal's currency or modifying limit settings. This allows manipulation of sensitive data, so organizations running affected versions should apply the necessary security measures and updates.