Remote Cookie Manipulation in IBM Algorithmics RICOS Product
CVE-2014-0867

Currently unrated

Key Information:

Vendor: IBM
Status: Algorithmics; Algo Credit Limits
Vendor: CVE Published:; 7 July 2014

Summary

The vulnerability in IBM Algorithmics RICOS allows remote attackers to manipulate cookies through the query string, potentially compromising user sessions. This vulnerability affects versions 4.5.0 to 4.7.0 before the release of 4.7.0.03 FP5. Attackers can exploit this to create or alter cookies, leading to unauthorized access and session hijacking. Users of affected versions should promptly update to secure their applications against such attacks.

References

http://packetstormsecurity.com/files/127304/IBM-Algorithm...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/90941

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/532598/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 7, 2014
Vulnerability Reserved
Jan 6, 2014