Vulnerability in Decrypt Function of IBM Algorithmics Product
CVE-2014-0869

Currently unrated

Key Information:

Vendor: IBM
Status: Algorithmics; Algo Credit Limits
Vendor: CVE Published:; 7 July 2014

Summary

The decrypt function in IBM Algorithmics RICOS (also known as ACLM) fails to enforce key requirements, allowing remote attackers to intercept and extract cleartext passwords from network traffic. This vulnerability increases the risk of unauthorized access to sensitive data as attackers can exploit this flaw by supplying arbitrary strings to the decrypt function. Proper precautions are advised to mitigate the potential exposure of confidential information.

References

http://packetstormsecurity.com/files/127304/IBM-Algorithm...

x_refsource_MISC

http://www.securityfocus.com/archive/1/532598/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www-01.ibm.com/support/docview.wss?uid=swg21675881

x_refsource_CONFIRM

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 7, 2014
Vulnerability Reserved
Jan 6, 2014