CVE-2024-22320

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*

History

21 Nov 2024, 08:56

Type Values Removed Values Added
References
  • () https://www.vicarius.io/vsociety/posts/unveiling-cve-2024-22320-a-novices-journey-to-exploiting-java-deserialization-rce-in-ibm-odm -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/279146 - VDB Entry, Vendor Advisory () https://exchange.xforce.ibmcloud.com/vulnerabilities/279146 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7112382 - Patch, Vendor Advisory () https://www.ibm.com/support/pages/node/7112382 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 9.8

21 Mar 2024, 02:52

Type Values Removed Values Added
Summary (en) IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146. (en) IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.

06 Feb 2024, 19:54

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Ibm operational Decision Manager
Ibm
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/279146 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/279146 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7112382 - () https://www.ibm.com/support/pages/node/7112382 - Patch, Vendor Advisory
CPE cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*

02 Feb 2024, 04:58

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-02 03:15

Updated : 2024-11-21 08:56


NVD link : CVE-2024-22320

Mitre link : CVE-2024-22320

CVE.ORG link : CVE-2024-22320


JSON object : View

Products Affected

ibm

  • operational_decision_manager
CWE
CWE-502

Deserialization of Untrusted Data