CVE-2024-22319
Published Feb 2, 2024
Last updated 8 months ago
Overview
- Description
- IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- psirt@us.ibm.com
- CWE-74
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF279017-9ADC-4249-9956-BF63FD9EBD30"
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "48771A1F-9BCC-44E2-A34C-F5A7F2D73E64"
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E64BDD7B-4A90-4026-A1F3-EEFE5D10DB62"
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A246453D-AAB0-4BF0-AE62-CFCBAECC2C6E"
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "354E0F39-CA38-4A27-973B-7415C7A40FC2"
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60B60CD2-D71D-43FE-B9AD-A11FE5FC132E"
}
],
"operator": "OR"
}
]
}
]