IBM Operational Decision Manager HTTP open redirect_CVE-2025-2824

7.4 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Description

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Basic Information

ID CVE-2025-2824

Source ibm

Published Aug 1, 2025 at 17:46

Modified Aug 1, 2025 at 18:07

Affected Product

Vendor IBM

Product Operational Decision Manager

Version 8.11.0.1

Affected Versions IBM Operational Decision Manager 8.11.0.1
IBM Operational Decision Manager 8.11.1.0
IBM Operational Decision Manager 8.12.0.1
IBM Operational Decision Manager 9.0.0.1
IBM Operational Decision Manager 9.5.0

CWE Classification

CWE-601

References

www.ibm.com /support/pages/node/7241286

{
    "lastseen": "",
    "description": "IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.",
    "published": "2025-08-01T17:46:30.472Z",
    "modified": "2025-08-01T18:07:22.830Z",
    "type": "cve",
    "title": "IBM Operational Decision Manager HTTP open redirect",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7241286",
    "id": "CVE-2025-2824",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "IBM Operational Decision Manager 8.11.0.1\nIBM Operational Decision Manager 8.11.1.0\nIBM Operational Decision Manager 8.12.0.1\nIBM Operational Decision Manager 9.0.0.1\nIBM Operational Decision Manager 9.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Operational Decision Manager",
    "version": "8.11.0.1",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}