IBM Operational Decision Manager code execution

CVE-2024-22320

9.8 CRITICAL

Key Information

Vendor
IBM
Status
Operational Decision Manager
CVE Published:
2 February 2024

Badges

📰 News Worthy

Summary

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.

Affected Version(s)

Operational Decision Manager = 8.10.3

News Articles

CVE-2024-22320 : IBM OPERATIONAL DECISION MANAGER UP TO 8.12.0.1 REQUEST DESERIALIZATION - Cloud WAF

CVE-2024-22320 : IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization.

11 months ago

References

EPSS Score

41% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by prophaze.com

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 1 News Article(s)