CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Percentile: 81.0%

IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third-party and open source components used in the product for various functions. See the full list below. The vulnerabilities have been addressed.
CVEID: CVE-2023-41080
**DESCRIPTION:** Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the FORM authentication feature. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264483 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-40167
**DESCRIPTION:** Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially crafted request, a remote attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Operational Decision Manager | 8.10.x |
IBM Operational Decision Manager | 8.11.x |
IBM Operational Decision Manager | 8.12.x |
IBM Operational Decision Manager V8.10.5.1:
Interim fix 044 is available from IBM Fix Central:
IBM Operational Decision Manager V8.11.0.1:
Interim fix 024 is available from IBM Fix Central:
IBM Operational Decision Manager V8.11.1:
Interim fix 013 is available:
IBM Operational Decision Manager V8.12.0:
Interim fix 005 is available:
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | operational_decision_manager | 8.10. | cpe:2.3:a:ibm:operational_decision_manager:8.10.:*:*:*:*:*:*:* |
ibm | operational_decision_manager | 8.11. | cpe:2.3:a:ibm:operational_decision_manager:8.11.:*:*:*:*:*:*:* |
ibm | operational_decision_manager | 8.12. | cpe:2.3:a:ibm:operational_decision_manager:8.12.:*:*:*:*:*:*:* |