IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/279146 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/7112382 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/279146 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/7112382 | Patch Vendor Advisory |
https://www.vicarius.io/vsociety/posts/unveiling-cve-2024-22320-a-novices-journey-to-exploiting-java-deserialization-rce-in-ibm-odm |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:56
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/279146 - VDB Entry, Vendor Advisory | |
References | () https://www.ibm.com/support/pages/node/7112382 - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
21 Mar 2024, 02:52
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146. |
06 Feb 2024, 19:54
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Ibm operational Decision Manager
Ibm |
|
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/279146 - VDB Entry, Vendor Advisory | |
References | () https://www.ibm.com/support/pages/node/7112382 - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:* cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:* |
02 Feb 2024, 04:58
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-02 03:15
Updated : 2024-11-21 08:56
NVD link : CVE-2024-22320
Mitre link : CVE-2024-22320
CVE.ORG link : CVE-2024-22320
JSON object : View
Products Affected
ibm
- operational_decision_manager
CWE
CWE-502
Deserialization of Untrusted Data