Lucene search

IbmCVE-2014-0944

HistoryMay 09, 2014 - 10:50 a.m.

CVE-2014-0944

2014-05-0910:50:25

CWE-352

ibm

web.nvd.nist.gov

cve-2014-0944

csrf

vulnerability

res console

ibm operational decision manager

xss sequences

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected configurations

Nvd

Node

ibmoperational_decision_managerMatch7.5

ibmoperational_decision_managerMatch8.0

ibmoperational_decision_managerMatch8.5

VendorProductVersionCPE
ibmoperational_decision_manager7.5cpe:2.3:a:ibm:operational_decision_manager:7.5:*:*:*:*:*:*:*
ibmoperational_decision_manager8.0cpe:2.3:a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*
ibmoperational_decision_manager8.5cpe:2.3:a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	operational_decision_manager	7.5	cpe:2.3:a:ibm:operational_decision_manager:7.5:::::::*
ibm	operational_decision_manager	8.0	cpe:2.3:a:ibm:operational_decision_manager:8.0:::::::*
ibm	operational_decision_manager	8.5	cpe:2.3:a:ibm:operational_decision_manager:8.5:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21671324

exchange.xforce.ibmcloud.com/vulnerabilities/92559

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Related for CVE-2014-0944