IBM Operational Decision Manager
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Operational Decision Manager.
By the Year
In 2026 there have been 0 vulnerabilities in IBM Operational Decision Manager. Last year, in 2025 Operational Decision Manager had 2 security vulnerabilities published. Right now, Operational Decision Manager is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 6.75 |
| 2024 | 2 | 9.30 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 0.00 |
It may take a day or so for new Operational Decision Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Operational Decision Manager Security Vulnerabilities
IBM ODM <=9.5.0 Open Redirect (Phishing)
CVE-2025-2824
7.4 - High
- August 01, 2025
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
Open Redirect
XSS in IBM ODM 8.11.0.1-9.0.0.1 Web UI - Unauth Code Injection
CVE-2025-1551
6.1 - Medium
- April 29, 2025
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM ODM 8.10.3 RCE via unsafe deserialization
CVE-2024-22320
8.8 - High
- February 02, 2024
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.
Marshaling, Unmarshaling
IBM ODM 8.10.3-8.12.0.1 RCE via JNDI Injection in API
CVE-2024-22319
9.8 - Critical
- February 02, 2024
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.
Injection
IBM Operational Decision Management 8.5
CVE-2018-1821
- December 13, 2018
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Operational Decision Manager or by IBM? Click the Watch button to subscribe.
