CVE-2014-0946 - OpenCVE

The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Operational Decision Manager

Configuration 1 [-]

OR	cpe:2.3:a:ibm:operational_decision_manager:7.5:::::::*
	cpe:2.3:a:ibm:operational_decision_manager:8.0:::::::*
	cpe:2.3:a:ibm:operational_decision_manager:8.5:::::::*

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21671324	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/92573

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2014-05-09T10:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2014-01-06T00:00:00

Link: CVE-2014-0946

JSON object: View

NVD Information

Status : Modified

Published: 2014-05-09T10:50:25.397

Modified: 2017-08-29T01:34:21.733

Link: CVE-2014-0946

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-30T00:00:00", "descriptions": [{"lang": "en", "value": "The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"}, {"name": "ibm-odm-cve20140946-cache(92573)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92573"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0946", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"}, {"name": "ibm-odm-cve20140946-cache(92573)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92573"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0946", "datePublished": "2014-05-09T10:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:operational_decision_manager:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "000AB680-5E33-4986-A0F1-2CFF6DFF0ADE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "A6E71B29-F33F-4892-BED4-F3F8DF662E55", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "DD81870D-A065-42B5-A87C-56A59FBCCDA2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation."}, {"lang": "es", "value": "La consola RES en Rule Execution Server en IBM Operational Decision Manager 7.5 anterior a FP3 IF37, 8.0 anterior a MP1 FP2 y 8.5 anterior a MP1 IF26 no env\u00eda cabeceras HTTP de control de cach\u00e9 adecuadas, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante el aprovechamiento de una estaci\u00f3n de trabajo desatendida."}], "id": "CVE-2014-0946", "lastModified": "2017-08-29T01:34:21.733", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-09T10:50:25.397", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671324"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92573"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}