CVE-2024-22319

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.
Configurations

Configuration 1

OR cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*

History

21 Nov 2024, 08:56

| Type | Values Removed | Values Added |
|---|---|---|
| References | https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 - VDB Entry, Vendor Advisory | https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 - VDB Entry, Vendor Advisory |
| References | https://www.ibm.com/support/pages/node/7112382 - Patch, Vendor Advisory | https://www.ibm.com/support/pages/node/7112382 - Patch, Vendor Advisory |
| CVSS | v2 : unknown; v3 : 9.8 | v2 : unknown; v3 : 8.1 |

21 Mar 2024, 02:52

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. | (en) IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. |

06 Feb 2024, 19:52

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 9.8 |
| CPE | | cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*; cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*; cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*; cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*; cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*; cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:* |
| First Time | | Ibm operational Decision Manager; Ibm |
| References | https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 - | https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 - VDB Entry, Vendor Advisory |
| References | https://www.ibm.com/support/pages/node/7112382 - | https://www.ibm.com/support/pages/node/7112382 - Patch, Vendor Advisory |
| CWE | | CWE-74 |

06 Feb 2024, 01:15

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-90 | CWE-74 |
| Summary | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote attacker to conduct an LDAP injection. By sending a request with a specially crafted request, an attacker could exploit this vulnerability to inject unsanitized content into the LDAP filter. IBM X-Force ID: 279145. | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. |

02 Feb 2024, 04:58

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-02-02 03:15

Updated : 2024-11-21 08:56


NVD link : CVE-2024-22319

Mitre link : CVE-2024-22319

CVE.ORG link : CVE-2024-22319



Products Affected

ibm

  • operational_decision_manager

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')