IBM Operational Decision Manager Vulnerable to Phishing Attacks

IBM's Operational Decision Manager (ODM), a key business tool for automating and managing decision-making processes, has been identified as vulnerable to potential phishing attacks. The developers have recently addressed two significant security flaws in the system.

Attackers can exploit these vulnerabilities through various methods, with one flaw potentially causing system crashes and the other allowing unauthorized access to sensitive information.

The first vulnerability, classified as CVE-2023-7272 with a high severity rating, pertains to the Eclipse Parsson component responsible for processing JSON documents. Attackers can take advantage of this flaw by delivering a specially crafted document. If a user opens this document, it can trigger a memory error, leading to system crashes.

The second vulnerability, identified as CVE-2025-2824, also carries a high severity rating. It enables remote attackers to orchestrate phishing attacks that may result in the interception of user credentials. This attack is executed via an Open Redirect method, redirecting victims to a malicious website disguised as a legitimate one.

As per the advisory, it remains unclear whether there have been any confirmed attacks exploiting these vulnerabilities or how administrators can identify compromised systems.

IBM has specified that the affected versions of ODM include 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0. To protect systems against these vulnerabilities, administrators are advised to install the updated versions linked in the advisory:

• 8.11.0.1 Interim fix 046
• 8.11.1.0 Interim fix 044
• 8.12.0.1 Interim fix 028
• 9.0.0.1 Interim fix 011
• 9.5.0 Interim fix 002

Recently, IBM also patched several vulnerabilities in its Db2 database management system, which could allow malware to gain control over systems following successful exploits.