CVE-2014-0864

Name of the Vulnerable Software and Affected Versions IBM Algo Credit Limits versions 4.5.0 through 4.7.0 before 4.7.0.03 FP5

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS. These vulnerabilities allow remote attackers to hijack the authentication of arbitrary users for requests, specifically for changing a deal's currency or a limit via a crafted XML document.

Recommendations For versions 4.5.0 through 4.7.0 before 4.7.0.03 FP5, update to version 4.7.0.03 FP5 or later to resolve the issue.