CVE-2024-22319

IBM Operational Decision Manager JNDI injection

CVSS 8.1 HIGH | EPSS 76.4% | CWE-74
In short

IBM Operational Decision Manager has a security flaw that allows attackers to run harmful code remotely by injecting malicious data through a specific API function that doesn't properly validate its inputs.

Technical detail

The vulnerability is a JNDI injection flaw in IBM Operational Decision Manager versions 8.10.3 through 8.12.0.1, where an unchecked API argument enables remote code execution. The attack vector requires network access to the vulnerable API endpoint; successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected application.

Summary generated and translated by AI from the official description.
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
