Main Vulnerability Database Vulnerabilities #VU41705

Information disclosure in Operational Decision Manager - CVE-2014-0946

Published: May 9, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41705

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-0946

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
Operational Decision Manager

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

How to mitigate CVE-2014-0946

Install update from vendor's website.

Information disclosure in Operational Decision Manager - CVE-2014-0946

Detailed vulnerability description

How to mitigate CVE-2014-0946

Sources

Please verify you're human