IBM Operational Decision Manager code execution
CVE-2024-22320

9.8 CRITICAL

Key Information:

Vendor: IBM
CVE Published: 2 February 2024

Badges

EPSS 38%; News Worthy

Summary

IBM Operational Decision Manager 8.10.3 contains a vulnerability that permits remote authenticated attackers to execute arbitrary code on the system due to unsafe deserialization flaws. By crafting specific requests, an attacker can leverage this vulnerability to run arbitrary code with SYSTEM-level privileges, potentially compromising the entire system. It is crucial for users and administrators to be aware of this risk and to apply any available patches and mitigations to secure their installations.

Affected Version(s)

Operational Decision Manager 8.10.3

News Articles

CVE-2024-22320 : IBM OPERATIONAL DECISION MANAGER UP TO 8.12.0.1 REQUEST DESERIALIZATION - Cloud WAF

CVE-2024-22320 : IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization.

1 year ago

EPSS Score

38% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by prophaze.com

  • Vulnerability published

  • Vulnerability Reserved