CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-0944

Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.8%

CVSS Severity

CVSS v2 Score 6.0

References

http://www-01.ibm.com/support/docview.wss?uid=swg21671324
https://exchange.xforce.ibmcloud.com/vulnerabilities/92559
http://www-01.ibm.com/support/docview.wss?uid=swg21671324
https://exchange.xforce.ibmcloud.com/vulnerabilities/92559

Products affected by CVE-2014-0944

Ibm » Operational Decision Manager » Version: 7.5

cpe:2.3:a:ibm:operational_decision_manager:7.5
Ibm » Operational Decision Manager » Version: 8.0

cpe:2.3:a:ibm:operational_decision_manager:8.0
Ibm » Operational Decision Manager » Version: 8.5

cpe:2.3:a:ibm:operational_decision_manager:8.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0944

Products

Pricing

Contact Us