Jun 15, 2018 - 7:00 a.m.

Security Bulletin: IBM Operational Decision Manager : CVE-2014-0944, CVE-2014-0945, CVE-2014-0946

www.ibm.com

EPSS: 0.006 (Percentile: 79.4%)

Summary

This Security Bulletin addresses 3 security vulnerabilities, CVE-2014-0944, CVE-2014-0945 and CVE-2014-0946, in IBM Operational Decision Manager.
All issues are related to the RES Console provided in Rule Execution Server.

Vulnerability Details

CVE ID: CVE-2014-0944

DESCRIPTION:
IBM Operational Decision Management is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92559> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)


CVE ID: CVE-2014-0945

DESCRIPTION:
IBM Operational Decision Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92562> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)


CVE ID: CVE-2014-0946

DESCRIPTION:
IBM Operational Decision Management would allow an attacker to obtain sensitive information from the cache due to lack of cache control directives.

CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92573> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)

Affected Products and Versions

  • IBM WebSphere Operational Decision Management v7.5
  • IBM Operational Decision Manager v8.0
  • IBM Operational Decision Manager v8.5

Remediation/Fixes

Version | Fix name | Fix Id
---|---|---
v7.5 | Fix pack 3 Interim Fix 37 | 7.5.0.3-WS-ODM_DS-IF037
v8.0 | Mod pack 1 Fix pack 2 | 8.0.1-WS-ODM-<OS>-FP002
v8.5 | Mod pack 1 Interim Fix 26 | 8.5.1.0-WS-ODM_DS-IF026

Workarounds and Mitigations

None known. Apply fixes.
