CVE-2014-0945

EUVD-2014-0975
Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
ibmoperational_decision_manager
7.5
ibmoperational_decision_manager
8.0
ibmoperational_decision_manager
8.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21671324
https://exchange.xforce.ibmcloud.com/vulnerabilities/92562
http://www-01.ibm.com/support/docview.wss?uid=swg21671324
https://exchange.xforce.ibmcloud.com/vulnerabilities/92562