Security update: Phishing attacks on IBM Operational Decision Manager possible

IBM's business tool Operational Decision Manager is vulnerable. The developers have closed two security gaps in current versions.


Attackers can attack IBM Operational Decision Manager (ODM) in various ways. In one case, systems can crash. Attackers can also gain access to confidential information.

ODM collects data on business decisions and helps with automation and control in this context.

One vulnerability (CVE-2023-7272, "high") affects the Eclipse Parsson component, which processes JSON documents. Attackers can exploit it with a crafted document: if a victim opens such a file, a memory error occurs, resulting in crashes.

The second vulnerability (CVE-2025-2824, "high") lets remote attackers launch a phishing attack that is highly likely to capture access data. It works via an open redirect, in which attackers redirect victims to a website they have created that is falsely classified as trustworthy.

The warning message does not state whether attacks are already taking place or how admins can recognize systems that have already been attacked.

The developers state that ODM versions 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1 and 9.5.0 are at risk. To secure computers against the described attacks, admins must install the following versions linked in the warning message:

  • 8.11.0.1 Interim fix 046
  • 8.11.1.0 Interim fix 044
  • 8.12.0.1 Interim fix 028
  • 9.0.0.1 Interim fix 011
  • 9.5.0 Interim fix 002

The developers at IBM have recently closed several security gaps in the database management system Db2. After successful attacks, malicious code can get onto systems and attackers can gain full control.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.