CVE-2014-0946

Name of the Vulnerable Software and Affected Versions IBM Operational Decision Manager versions 7.5 before FP3 IF37 IBM Operational Decision Manager versions 8.0 before MP1 FP2 IBM Operational Decision Manager versions 8.5 before MP1 IF26

Description The issue concerns the RES Console in Rule Execution Server, which fails to send appropriate Cache-Control HTTP headers. This allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

Recommendations For IBM Operational Decision Manager version 7.5, update to at least FP3 IF37 to resolve the issue. For IBM Operational Decision Manager version 8.0, update to at least MP1 FP2 to resolve the issue. For IBM Operational Decision Manager version 8.5, update to at least MP1 IF26 to resolve the issue.