Attackers can attack IBM Operational Decision Manager (ODM) in various ways. In one case, systems can crash. Attackers can also gain access to confidential information.
ODM collects data on business decisions and helps with automation and control in this context.
Two security vulnerabilities
One vulnerability (CVE-2023-7272″high”) affects the Eclipse Parsson component that processes JSON documents. Attackers can start here with a prepared document. If a victim opens such a file, a memory error occurs, resulting in crashes.
The second vulnerability (CVE-2025-2824″high”) can be used by remote attackers to launch a phishing attack and is highly likely to capture access data in this way. This is achieved via an open redirect attack, in which attackers redirect victims to a website they have created, which is falsely classified as trustworthy.
The warning message does not state whether there are already attacks and how admins can recognize systems that have already been attacked.
Protecting systems
The developers state that ODM versions 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1 and 9.5.0 are at risk. To secure computers against the described attacks, admins must install the following versions linked in the warning message:
8.11.0.1 Interim fix 0468.11.1.0 Interim fix 0448.12.0.1 Interim fix 0289.0.0.1 Interim fix 0119.5.0 Interim fix 002
The developers at IBM have recently closed several security gaps in the database management system Db2. After successful attacks, malicious code can get onto systems and attackers can gain full control.
(des)
Don’t miss any news – follow us on
Facebook,
LinkedIn or
Mastodon.
This article was originally published in
German.
It was translated with technical assistance and editorially reviewed before publication.
Dieser Link ist leider nicht mehr gültig.
Links zu verschenkten Artikeln werden ungültig,
wenn diese älter als 7 Tage sind oder zu oft aufgerufen wurden.
Sie benötigen ein heise+ Paket, um diesen Artikel zu lesen. Jetzt eine Woche unverbindlich testen – ohne Verpflichtung!