CVE-2024-22320
Published Feb 2, 2024
Last updated 8 months ago
Overview
- Description
- IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- psirt@us.ibm.com
- CWE-502
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF279017-9ADC-4249-9956-BF63FD9EBD30"
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "48771A1F-9BCC-44E2-A34C-F5A7F2D73E64"
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E64BDD7B-4A90-4026-A1F3-EEFE5D10DB62"
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A246453D-AAB0-4BF0-AE62-CFCBAECC2C6E"
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "354E0F39-CA38-4A27-973B-7415C7A40FC2"
},
{
"criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60B60CD2-D71D-43FE-B9AD-A11FE5FC132E"
}
],
"operator": "OR"
}
]
}
]