CVE-2014-0945

Name of the Vulnerable Software and Affected Versions IBM Operational Decision Manager versions 7.5 before FP3 IF37 IBM Operational Decision Manager versions 8.0 before MP1 FP2 IBM Operational Decision Manager versions 8.5 before MP1 IF26

Description A cross-site scripting (XSS) issue exists in the RES Console of IBM Operational Decision Manager, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Recommendations For IBM Operational Decision Manager version 7.5, update to FP3 IF37 or later. For IBM Operational Decision Manager version 8.0, update to MP1 FP2 or later. For IBM Operational Decision Manager version 8.5, update to MP1 IF26 or later.