Skip to main content

Operational Decision Manager

9 CVEs product

Monthly

CVE-2025-2824 HIGH This Month

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Operational Decision Manager
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-1551 MEDIUM This Month

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Operational Decision Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-22320 HIGH POC PATCH THREAT This Week

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE IBM Operational Decision Manager
NVD
CVSS 3.1
8.8
EPSS
73.4%
CVE-2024-22319 CRITICAL POC PATCH THREAT Act Now

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM RCE Operational Decision Manager
NVD
CVSS 3.1
9.8
EPSS
76.4%
CVE-2018-1821 CRITICAL POC THREAT Act Now

IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM XXE Operational Decision Manager
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
15.8%
CVE-2014-6114 MEDIUM This Month

The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Information Disclosure Operational Decision Manager Websphere Ilog Jrules +1
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-0946 MEDIUM This Month

The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Operational Decision Manager
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-0945 LOW Monitor

Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Operational Decision Manager
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-0944 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Operational Decision Manager
NVD
CVSS 2.0
6.0
EPSS
0.2%
EPSS 0% CVSS 7.4
HIGH This Month

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Operational Decision Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Operational Decision Manager
NVD
EPSS 73% CVSS 8.8
HIGH POC PATCH THREAT This Week

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE IBM +1
NVD
EPSS 76% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM RCE Operational Decision Manager
NVD
EPSS 16% CVSS 9.1
CRITICAL POC THREAT Act Now

IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM XXE Operational Decision Manager
NVD Exploit-DB
EPSS 1% CVSS 5.0
MEDIUM This Month

The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Information Disclosure +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Operational Decision Manager
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Operational Decision Manager
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy