RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 up to and including 4.7.0 prior to 4.7.0.03 FP5 in IBM Algorithmics allows remote malicious users to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm algorithmics - |
||
ibm algo credit limits 4.5.0 |
||
ibm algo credit limits 4.7.0 |