CVE-2014-0946

The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:operational_decision_manager:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*

History

21 Nov 2024, 02:03

Type Values Removed Values Added
References () http://www-01.ibm.com/support/docview.wss?uid=swg21671324 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21671324 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/92573 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/92573 -

Information

Published : 2014-05-09 10:50

Updated : 2024-11-21 02:03


NVD link : CVE-2014-0946

Mitre link : CVE-2014-0946

CVE.ORG link : CVE-2014-0946


JSON object : View

Products Affected

ibm

  • operational_decision_manager
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor