The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:03
Type | Values Removed | Values Added |
---|---|---|
References | () http://www-01.ibm.com/support/docview.wss?uid=swg21671324 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/92573 - |
Information
Published : 2014-05-09 10:50
Updated : 2024-11-21 02:03
NVD link : CVE-2014-0946
Mitre link : CVE-2014-0946
CVE.ORG link : CVE-2014-0946
JSON object : View
Products Affected
ibm
- operational_decision_manager
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor