Описание
The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:algo_credit_limits:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:algo_credit_limits:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:algorithmics:-:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.16888
Средний
4.3 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function.
EPSS
Процентиль: 95%
0.16888
Средний
4.3 Medium
CVSS2
Дефекты
CWE-310