CVE-2024-22319

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22319
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7112382 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*
History

21 Mar 2024, 02:52

Type Values Removed Values Added
Summary (en) IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. (en) IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.

06 Feb 2024, 19:52

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7112382 - () https://www.ibm.com/support/pages/node/7112382 - Patch, Vendor Advisory
First Time Ibm operational Decision Manager
Ibm
CVSS v2 : unknown
v3 : 8.1 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*

06 Feb 2024, 01:15

Type Values Removed Values Added
CWE CWE-90 CWE-74
Summary
  • (es) IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1 y 8.12.0.1 podría permitir a un atacante remoto realizar una inyección LDAP. Al enviar una solicitud especialmente manipulada, un atacante podría aprovechar esta vulnerabilidad para inyectar contenido no sanitizado en el filtro LDAP. ID de IBM X-Force: 279145.
Summary (en) IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote attacker to conduct an LDAP injection. By sending a request with a specially crafted request, an attacker could exploit this vulnerability to inject unsanitized content into the LDAP filter. IBM X-Force ID: 279145. (en) IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.

02 Feb 2024, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-02 03:15

Updated : 2024-03-21 02:52

NVD link : CVE-2024-22319

Mitre link : CVE-2024-22319

CVE.ORG link : CVE-2024-22319

JSON object : View

Products Affected

ibm

  • operational_decision_manager
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')