CVE-2014-0867 Information

Description

rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string.

Reference

http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html http://seclists.org/fulldisclosure/2014/Jun/173 http://www.securityfocus.com/archive/1/532598/100/0/threaded http://www-01.ibm.com/support/docview.wss?uid=swg21675881 https://exchange.xforce.ibmcloud.com/vulnerabilities/90941 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt