Vulnerabilites related to ibm - operational_decision_manager
Vulnerability from fkie_nvd
Published
2014-12-11 11:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | operational_decision_manager | 8.0 | |
| ibm | operational_decision_manager | 8.5 | |
| ibm | operational_decision_manager | 8.6 | |
| ibm | websphere_ilog_jrules | 7.1 | |
| ibm | websphere_operational_decision_management | 7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E71B29-F33F-4892-BED4-F3F8DF662E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD81870D-A065-42B5-A87C-56A59FBCCDA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D15E22-E033-4827-A644-4AA164978EA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_ilog_jrules:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA3CA08-BAA5-4D31-BE67-DAC2B690E29A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_operational_decision_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D64DFCEE-3ADE-4417-9F26-9205CE96DB62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
},
{
"lang": "es",
"value": "El servicio Hosted Transparent Decision en el servidor de la ejecuci\u00f3n de reglas en IBM WebSphere ILOG JRules 7.1 anterior a MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 anterior a FP3 IF41; y Operational Decision Manager 8.0 anterior a MP1 FP2 IF34, 8.5 anterior a MP1 FP1 IF43, y 8.6 anterior a IF8 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de una declaraci\u00f3n de entidad externa XML en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE)."
}
],
"id": "CVE-2014-6114",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-11T11:59:10.307",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691815"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96211"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-29 16:15
Modified
2025-05-12 21:02
Severity ?
Summary
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232032 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | operational_decision_manager | 8.11.0.1 | |
| ibm | operational_decision_manager | 8.11.1.0 | |
| ibm | operational_decision_manager | 8.12.0.1 | |
| ibm | operational_decision_manager | 9.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "354E0F39-CA38-4A27-973B-7415C7A40FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E8894F-E7F5-4514-873A-C63CB8DFCC6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60B60CD2-D71D-43FE-B9AD-A11FE5FC132E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCB5F24-4C9B-4D1F-85BE-08708EFB777A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
},
{
"lang": "es",
"value": "IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1 y 9.0.0.1 es vulnerable a ataques de cross-site scripting. Esta vulnerabilidad permite a un atacante no autenticado incrustar c\u00f3digo JavaScript arbitrario en la interfaz web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza."
}
],
"id": "CVE-2025-1551",
"lastModified": "2025-05-12T21:02:15.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-04-29T16:15:29.870",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7232032"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-13 16:29
Modified
2024-11-21 04:00
Severity ?
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/106325 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150170 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.exploit-db.com/exploits/46017/ | Exploit, Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10744149 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106325 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150170 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46017/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10744149 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | operational_decision_manager | * | |
| ibm | operational_decision_manager | * | |
| ibm | operational_decision_manager | * | |
| ibm | operational_decision_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1333171A-B893-49C4-ADC7-FDD39DABA869",
"versionEndExcluding": "8.6.0.3",
"versionStartIncluding": "8.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A93F3A63-32BF-4072-9EE0-D22D7629CFF6",
"versionEndExcluding": "8.7.1.2",
"versionStartIncluding": "8.7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3339905D-F140-4CA2-9C7E-09D40C53DDD5",
"versionEndExcluding": "8.8.1.3",
"versionStartIncluding": "8.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DD764E-9687-46DD-B380-41E711F7617F",
"versionEndExcluding": "8.9.2.1",
"versionStartIncluding": "8.9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170."
},
{
"lang": "es",
"value": "Las versiones 8.5, 8.6, 8.7, 8.8 y 8.9 de IBM Operational Decision Management son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n sensible o consumir recursos de la memoria. IBM X-Force ID: 150170."
}
],
"id": "CVE-2018-1821",
"lastModified": "2024-11-21T04:00:27.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T16:29:01.117",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106325"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150170"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46017/"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46017/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744149"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-09 10:50
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | operational_decision_manager | 7.5 | |
| ibm | operational_decision_manager | 8.0 | |
| ibm | operational_decision_manager | 8.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "000AB680-5E33-4986-A0F1-2CFF6DFF0ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E71B29-F33F-4892-BED4-F3F8DF662E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD81870D-A065-42B5-A87C-56A59FBCCDA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en la consula RES en Rule Execution Server en IBM Operational Decision Manager 7.5 anterior a FP3 IF37, 8.0 anterior a MP1 FP2 y 8.5 anterior a MP1 IF26 permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que insertan secuencias de XSS."
}
],
"id": "CVE-2014-0944",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-09T10:50:25.320",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92559"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-09 10:50
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | operational_decision_manager | 7.5 | |
| ibm | operational_decision_manager | 8.0 | |
| ibm | operational_decision_manager | 8.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "000AB680-5E33-4986-A0F1-2CFF6DFF0ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E71B29-F33F-4892-BED4-F3F8DF662E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD81870D-A065-42B5-A87C-56A59FBCCDA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la consula RES en Rule Execution Server en IBM Operational Decision Manager 7.5 anterior a FP3 IF37, 8.0 anterior a MP1 FP2 y 8.5 anterior a MP1 IF26 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-0945",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-09T10:50:25.350",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92562"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-09 10:50
Modified
2025-04-12 10:46
Severity ?
Summary
The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | operational_decision_manager | 7.5 | |
| ibm | operational_decision_manager | 8.0 | |
| ibm | operational_decision_manager | 8.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "000AB680-5E33-4986-A0F1-2CFF6DFF0ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E71B29-F33F-4892-BED4-F3F8DF662E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD81870D-A065-42B5-A87C-56A59FBCCDA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."
},
{
"lang": "es",
"value": "La consola RES en Rule Execution Server en IBM Operational Decision Manager 7.5 anterior a FP3 IF37, 8.0 anterior a MP1 FP2 y 8.5 anterior a MP1 IF26 no env\u00eda cabeceras HTTP de control de cach\u00e9 adecuadas, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante el aprovechamiento de una estaci\u00f3n de trabajo desatendida."
}
],
"id": "CVE-2014-0946",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-09T10:50:25.397",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92573"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-02 03:15
Modified
2024-11-21 08:56
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | operational_decision_manager | 8.10.3 | |
| ibm | operational_decision_manager | 8.10.4 | |
| ibm | operational_decision_manager | 8.10.5.1 | |
| ibm | operational_decision_manager | 8.11 | |
| ibm | operational_decision_manager | 8.11.0.1 | |
| ibm | operational_decision_manager | 8.12.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF279017-9ADC-4249-9956-BF63FD9EBD30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "48771A1F-9BCC-44E2-A34C-F5A7F2D73E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E64BDD7B-4A90-4026-A1F3-EEFE5D10DB62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A246453D-AAB0-4BF0-AE62-CFCBAECC2C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "354E0F39-CA38-4A27-973B-7415C7A40FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60B60CD2-D71D-43FE-B9AD-A11FE5FC132E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146."
},
{
"lang": "es",
"value": "IBM Operational Decision Manager versiones 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1 y 8.12.0.1 podr\u00edan permitir que un atacante remoto autenticado ejecute c\u00f3digo arbitrario en el sistema, causado por una deserializaci\u00f3n insegura. Al enviar una solicitud especialmente manipulada, un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto de SYSTEM. ID de IBM X-Force: 279146."
}
],
"id": "CVE-2024-22320",
"lastModified": "2024-11-21T08:56:03.473",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-02T03:15:10.780",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279146"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7112382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7112382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.vicarius.io/vsociety/posts/unveiling-cve-2024-22320-a-novices-journey-to-exploiting-java-deserialization-rce-in-ibm-odm"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-02 03:15
Modified
2024-11-21 08:56
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7112382 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7112382 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | operational_decision_manager | 8.10.3 | |
| ibm | operational_decision_manager | 8.10.4 | |
| ibm | operational_decision_manager | 8.10.5.1 | |
| ibm | operational_decision_manager | 8.11 | |
| ibm | operational_decision_manager | 8.11.0.1 | |
| ibm | operational_decision_manager | 8.12.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF279017-9ADC-4249-9956-BF63FD9EBD30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "48771A1F-9BCC-44E2-A34C-F5A7F2D73E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E64BDD7B-4A90-4026-A1F3-EEFE5D10DB62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A246453D-AAB0-4BF0-AE62-CFCBAECC2C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "354E0F39-CA38-4A27-973B-7415C7A40FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60B60CD2-D71D-43FE-B9AD-A11FE5FC132E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\nIBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.\n\n\n\n"
},
{
"lang": "es",
"value": "IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1 y 8.12.0.1 podr\u00eda permitir a un atacante remoto realizar una inyecci\u00f3n LDAP. Al enviar una solicitud especialmente manipulada, un atacante podr\u00eda aprovechar esta vulnerabilidad para inyectar contenido no sanitizado en el filtro LDAP. ID de IBM X-Force: 279145."
}
],
"id": "CVE-2024-22319",
"lastModified": "2024-11-21T08:56:03.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-02T03:15:10.573",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279145"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7112382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7112382"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-01 18:15
Modified
2025-08-14 18:49
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Summary
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7241286 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | operational_decision_manager | 8.11.0.1 | |
| ibm | operational_decision_manager | 8.11.1.0 | |
| ibm | operational_decision_manager | 8.12.0.1 | |
| ibm | operational_decision_manager | 9.0.0.1 | |
| ibm | operational_decision_manager | 9.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "354E0F39-CA38-4A27-973B-7415C7A40FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E8894F-E7F5-4514-873A-C63CB8DFCC6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60B60CD2-D71D-43FE-B9AD-A11FE5FC132E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCB5F24-4C9B-4D1F-85BE-08708EFB777A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:9.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD731C1-390A-401C-A2BC-931445381424",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
},
{
"lang": "es",
"value": "IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1 y 9.5.0 podr\u00eda permitir que un atacante remoto realice ataques de phishing mediante un ataque de redirecci\u00f3n abierta. Al persuadir a la v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para falsificar la URL mostrada y redirigir al usuario a un sitio web malicioso aparentemente confiable. Esto podr\u00eda permitir al atacante obtener informaci\u00f3n altamente sensible o realizar nuevos ataques contra la v\u00edctima."
}
],
"id": "CVE-2025-2824",
"lastModified": "2025-08-14T18:49:21.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-01T18:15:51.587",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7241286"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
CVE-2014-0944 (GCVE-0-2014-0944)
Vulnerability from cvelistv5
Published
2014-05-09 10:00
Modified
2024-08-06 09:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-odm-cve20140944-csrf(92559)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92559"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-odm-cve20140944-csrf(92559)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92559"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-odm-cve20140944-csrf(92559)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92559"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0944",
"datePublished": "2014-05-09T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0945 (GCVE-0-2014-0945)
Vulnerability from cvelistv5
Published
2014-05-09 10:00
Modified
2024-08-06 09:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-odm-cve20140945-xss(92562)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-odm-cve20140945-xss(92562)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-odm-cve20140945-xss(92562)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92562"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0945",
"datePublished": "2014-05-09T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1821 (GCVE-0-2018-1821)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-09-16 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Operational Decision Management |
Version: 8.5 Version: 8.6 Version: 8.7 Version: 8.8 Version: 8.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744149"
},
{
"name": "106325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106325"
},
{
"name": "46017",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46017/"
},
{
"name": "ibm-websphere-cve20181821-xxe(150170)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150170"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operational Decision Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.6"
},
{
"status": "affected",
"version": "8.7"
},
{
"status": "affected",
"version": "8.8"
},
{
"status": "affected",
"version": "8.9"
}
]
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-27T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744149"
},
{
"name": "106325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106325"
},
{
"name": "46017",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46017/"
},
{
"name": "ibm-websphere-cve20181821-xxe(150170)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150170"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-12T00:00:00",
"ID": "CVE-2018-1821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operational Decision Management",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "8.6"
},
{
"version_value": "8.7"
},
{
"version_value": "8.8"
},
{
"version_value": "8.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10744149",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10744149"
},
{
"name": "106325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106325"
},
{
"name": "46017",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46017/"
},
{
"name": "ibm-websphere-cve20181821-xxe(150170)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150170"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1821",
"datePublished": "2018-12-13T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T23:00:28.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6114 (GCVE-0-2014-6114)
Vulnerability from cvelistv5
Published
2014-12-11 11:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-websphere-cve20146114-info-disc(96211)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96211"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-websphere-cve20146114-info-disc(96211)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96211"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20146114-info-disc(96211)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96211"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21691815",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6114",
"datePublished": "2014-12-11T11:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22319 (GCVE-0-2024-22319)
Vulnerability from cvelistv5
Published
2024-02-02 02:14
Modified
2024-08-01 22:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Operational Decision Manager |
Version: 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1, 8.12.0.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "operational_decision_manager",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "8.10.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "operational_decision_manager",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "8.10.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "operational_decision_manager",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "8.10.5.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "operational_decision_manager",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "8.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "operational_decision_manager",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "8.11.0.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:operational_decision_manager:8.11.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "operational_decision_manager",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "8.11.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "operational_decision_manager",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "8.12.0.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22319",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-24T05:00:22.740630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T15:00:34.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7112382"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Operational Decision Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1, 8.12.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nIBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-29T18:55:52.839Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7112382"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279145"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Operational Decision Manager JDNI injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22319",
"datePublished": "2024-02-02T02:14:50.571Z",
"dateReserved": "2024-01-08T23:41:52.508Z",
"dateUpdated": "2024-08-01T22:43:34.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1551 (GCVE-0-2025-1551)
Vulnerability from cvelistv5
Published
2025-04-29 15:41
Modified
2025-04-29 16:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Operational Decision Manager |
Version: 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1 cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:operational_decision_manager:8.11.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:operational_decision_manager:9.0.0.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T16:17:26.608961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T16:17:38.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:operational_decision_manager:8.11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:operational_decision_manager:9.0.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Operational Decision Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T15:41:43.471Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7232032"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Operational Decision Manager cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1551",
"datePublished": "2025-04-29T15:41:43.471Z",
"dateReserved": "2025-02-21T12:08:03.591Z",
"dateUpdated": "2025-04-29T16:17:38.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22320 (GCVE-0-2024-22320)
Vulnerability from cvelistv5
Published
2024-02-02 02:16
Modified
2025-05-07 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Operational Decision Manager |
Version: 8.10.3 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "operational_decision_manager",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "8.10.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T22:43:15.480784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T20:09:19.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:48:08.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7112382"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279146"
},
{
"url": "https://www.vicarius.io/vsociety/posts/unveiling-cve-2024-22320-a-novices-journey-to-exploiting-java-deserialization-rce-in-ibm-odm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Operational Decision Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146."
}
],
"value": "IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-29T18:50:36.341Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7112382"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279146"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Operational Decision Manager code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22320",
"datePublished": "2024-02-02T02:16:32.962Z",
"dateReserved": "2024-01-08T23:41:52.508Z",
"dateUpdated": "2025-05-07T20:09:19.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0946 (GCVE-0-2014-0946)
Vulnerability from cvelistv5
Published
2014-05-09 10:00
Modified
2024-08-06 09:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
},
{
"name": "ibm-odm-cve20140946-cache(92573)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92573"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
},
{
"name": "ibm-odm-cve20140946-cache(92573)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92573"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"
},
{
"name": "ibm-odm-cve20140946-cache(92573)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92573"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0946",
"datePublished": "2014-05-09T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2824 (GCVE-0-2025-2824)
Vulnerability from cvelistv5
Published
2025-08-01 17:46
Modified
2025-08-01 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Operational Decision Manager |
Version: 8.11.0.1 Version: 8.11.1.0 Version: 8.12.0.1 Version: 9.0.0.1 Version: 9.5.0 cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:operational_decision_manager:8.11.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:operational_decision_manager:9.0.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:operational_decision_manager:9.5.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T18:07:12.808015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T18:07:22.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:operational_decision_manager:8.11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:operational_decision_manager:9.0.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:operational_decision_manager:9.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Operational Decision Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.11.0.1"
},
{
"status": "affected",
"version": "8.11.1.0"
},
{
"status": "affected",
"version": "8.12.0.1"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
}
],
"value": "IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T17:46:30.472Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241286"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Operational Decision Manager V8.11.0.1\u003cbr\u003eInterim fix 046 is available, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7238508\"\u003edownload document\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eIBM Operational Decision Manager V8.11.1:\u003cbr\u003eInterim fix 044 is available, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7237139\"\u003edownload document\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eIBM Operational Decision Manager V8.12.0.1:\u003cbr\u003eInterim fix 028 is available, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7236479\"\u003edownload document\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eIBM Operational Decision Manager V9.0.0.1:\u003cbr\u003eInterim fix 011 is available, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7230722\"\u003edownload document\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u0026nbsp;IBM Operational Decision Manager V9.5.0.0:\u003cbr\u003eInterim fix 002 is available, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7233740\"\u003edownload document\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM Operational Decision Manager V8.11.0.1\nInterim fix 046 is available, see download document https://www.ibm.com/support/pages/node/7238508 .\n\nIBM Operational Decision Manager V8.11.1:\nInterim fix 044 is available, see download document https://www.ibm.com/support/pages/node/7237139 .\n\nIBM Operational Decision Manager V8.12.0.1:\nInterim fix 028 is available, see download document https://www.ibm.com/support/pages/node/7236479 .\n\nIBM Operational Decision Manager V9.0.0.1:\nInterim fix 011 is available, see download document https://www.ibm.com/support/pages/node/7230722 .\n\n\u00a0IBM Operational Decision Manager V9.5.0.0:\nInterim fix 002 is available, see download document https://www.ibm.com/support/pages/node/7233740"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Operational Decision Manager HTTP open redirect",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-2824",
"datePublished": "2025-08-01T17:46:30.472Z",
"dateReserved": "2025-03-26T15:42:06.334Z",
"dateUpdated": "2025-08-01T18:07:22.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}