CVE-2014-0944

2014-05-0910:50:25

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected configurations

Nvd

Node

ibmoperational_decision_managerMatch7.5

ibmoperational_decision_managerMatch8.0

ibmoperational_decision_managerMatch8.5

VendorProductVersionCPE
ibmoperational_decision_manager7.5cpe:2.3:a:ibm:operational_decision_manager:7.5:*:*:*:*:*:*:*
ibmoperational_decision_manager8.0cpe:2.3:a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*
ibmoperational_decision_manager8.5cpe:2.3:a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	operational_decision_manager	7.5	cpe:2.3:a:ibm:operational_decision_manager:7.5:::::::*
ibm	operational_decision_manager	8.0	cpe:2.3:a:ibm:operational_decision_manager:8.0:::::::*
ibm	operational_decision_manager	8.5	cpe:2.3:a:ibm:operational_decision_manager:8.5:::::::*