Database Credential Exposure in IBM Algorithmics ACLM
CVE-2014-0894

Currently unrated

Key Information:

Vendor: IBM
Status: Algorithmics; Algo Credit Limits
Vendor: CVE Published:; 7 July 2014

Summary

The IBM Algorithmics ACLM versions 4.5.0 to 4.7.0 prior to 4.7.0.03 FP5 are vulnerable due to a flaw that allows context-dependent attackers to retrieve sensitive database credentials. This is achieved by accessing the DbUser and DbPass fields within an XML document, potentially leading to unauthorized access to critical information. Organizations utilizing affected versions should implement immediate measures to safeguard their database credentials and upgrade to the patched version.

References

http://packetstormsecurity.com/files/127304/IBM-Algorithm...

x_refsource_MISC

http://www.securityfocus.com/archive/1/532598/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/59296

third-party-advisoryx_refsource_SECUNIA

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 7, 2014
Vulnerability Reserved
Jan 6, 2014