CVE-2014-0946

2014-05-0910:50:25

CWE-200

[email protected]

web.nvd.nist.gov

ibm

operational decision manager

res console

information disclosure

cve-2014-0946

nvd

security

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.4%

JSON

The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

Affected configurations

NVD

Node

ibmoperational_decision_managerMatch7.5

ibmoperational_decision_managerMatch8.0

ibmoperational_decision_managerMatch8.5

CPENameOperatorVersion
ibm:operational_decision_manageribm operational decision managereq7.5
ibm:operational_decision_manageribm operational decision managereq8.0
ibm:operational_decision_manageribm operational decision managereq8.5

CPE	Name	Operator	Version
ibm:operational_decision_manager	ibm operational decision manager	eq	7.5
ibm:operational_decision_manager	ibm operational decision manager	eq	8.0
ibm:operational_decision_manager	ibm operational decision manager	eq	8.5