SB2025080509 - Multiple vulnerabilities in IBM Operational Decision Manager

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025080509

SB2025080509 - Multiple vulnerabilities in IBM Operational Decision Manager

Published: August 5, 2025

Security Bulletin ID SB2025080509
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

High 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2023-7272)

The vulnerability allows a remote non-authenticated attacker to a crash the entire system.

The vulnerability exists due to improper input validation within the Centralized Thirdparty Jars (Eclipse Parsson) component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to a crash the entire system.


2) Open redirect (CVE-ID: CVE-2025-2824)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can trick the victim into visiting a specially crafted Web site to exploit this vulnerability and spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.


Remediation

Install update from vendor's website.

References