CVE-2014-0946

Published: May 9, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

Affected (3)

Products: Ibm: Operational Decision Manager

1 product

Operational Decision Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Operational Decision Manager	Version 7.5
Ibm Operational Decision Manager	Version 8.0
Ibm Operational Decision Manager	Version 8.5

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21671324

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/92573

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21671324

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/92573

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.