Main Vulnerability Database Vulnerabilities #VU41705

#VU41705 Information disclosure in Operational Decision Manager - CVE-2014-0946

Published: May 9, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41705

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-0946

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Operational Decision Manager

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

Remediation

Install update from vendor's website.

#VU41705 Information disclosure in Operational Decision Manager - CVE-2014-0946

Description

Remediation

External links