Cross-Site Scripting Vulnerabilities in IBM Algorithmics RICOS
CVE-2014-0870

Currently unrated

Key Information:

Vendor: IBM
Status: Algorithmics; Algo Credit Limits
Vendor: CVE Published:; 7 July 2014

What is CVE-2014-0870?

Multiple cross-site scripting vulnerabilities exist in IBM Algorithmics RICOS, impacting versions 4.5.0 through 4.7.0 before 4.7.0.03 FP5. Attackers can exploit these vulnerabilities by injecting arbitrary web scripts via several parameters, including Message, ButtonsetClass, MBName, Init, Name, StoreName, and STYLESHEET in different JSP files. This can lead to unauthorized actions and access to sensitive information within affected applications.

References

http://packetstormsecurity.com/files/127304/IBM-Algorithm...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/90944

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/532598/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2014
Vulnerability Reserved
Jan 6, 2014