Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
Link | Resource |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21671324 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/92559 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2014-05-09T10:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2014-01-06T00:00:00
Link: CVE-2014-0944
JSON object: View
NVD Information
Status : Modified
Published: 2014-05-09T10:50:25.320
Modified: 2017-08-29T01:34:21.623
Link: CVE-2014-0944
JSON object: View
Redhat Information
No data.
CWE