The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
CPE | Name | Operator | Version |
---|---|---|---|
operational_decision_manager | eq | 8.0 | |
operational_decision_manager | eq | 8.5 | |
operational_decision_manager | eq | 7.5 |