CVE-2024-22319

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/279145	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7112382	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:operational_decision_manager:8.10.3:::::::*
	cpe:2.3:a:ibm:operational_decision_manager:8.10.4:::::::*
	cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:::::::*
	cpe:2.3:a:ibm:operational_decision_manager:8.11:::::::*
	cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:::::::*
	cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:::::::*

History

21 Mar 2024, 02:52

Type	Values Removed	Values Added
Summary	(en) IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.	(en) IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.

06 Feb 2024, 19:52

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.1~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:a:ibm:operational_decision_manager:8.11:::::::* cpe:2.3:a:ibm:operational_decision_manager:8.10.3:::::::* cpe:2.3:a:ibm:operational_decision_manager:8.10.4:::::::* cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:::::::* cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:::::::* cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:::::::*
First Time		Ibm Ibm operational Decision Manager
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/7112382 -~~	() https://www.ibm.com/support/pages/node/7112382 - Patch, Vendor Advisory

06 Feb 2024, 01:15

Type	Values Removed	Values Added
CWE	~~CWE-90~~	CWE-74
Summary	(en) IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote attacker to conduct an LDAP injection. By sending a request with a specially crafted request, an attacker could exploit this vulnerability to inject unsanitized content into the LDAP filter. IBM X-Force ID: 279145.	(en) IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.

02 Feb 2024, 04:58

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-02 03:15

Updated : 2024-03-21 02:52

NVD link : CVE-2024-22319

Mitre link : CVE-2024-22319

CVE.ORG link : CVE-2024-22319

JSON object : View

Products Affected

ibm

operational_decision_manager

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

9.8 /10