Operational Decision Manager
CVE-2024-22319
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.
AnalysisAI
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-74. IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. Affected products include: Ibm Operational Decision Manager.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Operational Decision Manager
View allIBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) a
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the sys
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. Rated
Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision
The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF4
The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, an
Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to condu
Share
External POC / Exploit Code
Leaving vuln.today