Cross-site scripting in Operational Decision Manager - CVE-2014-0945
Published: May 9, 2014 / Updated: August 10, 2020
Operational Decision Manager
Detailed vulnerability description
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
An input validation error exists in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26. A remote authenticated attacker can trick a victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.