CVE-2024-22319
HIGH EXPLOITED NUCLEI
IBM Operational Decision Manager - JNDI Injection
Title source: nuclei
Exploitation Summary
CVE-2024-22319 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 are susceptible to a remote code execution attack via JNDI injection when an unchecked argument is passed to a certain API. IBM X-Force ID: 279145.
Nuclei Templates (1)
IBM Operational Decision Manager - JNDI Injection
CRITICAL VERIFIED by DhiyaneshDK
Shodan:
html:"IBM ODM" || http.html:"ibm odm"
FOFA:
title="IBM ODM" || title="ibm odm" || body="ibm odm"
References (2)
Core References
Patch, Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/7112382
VDB Entry, Vendor Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/279145
Scores
CVSS v3: 8.1
EPSS: 0.7640
EPSS Percentile: 99.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
VulnCheck KEV: 2024-03-17
CWE: CWE-74
Status: published
Products (6)
ibm/operational_decision_manager 8.10.3
ibm/operational_decision_manager 8.10.4
ibm/operational_decision_manager 8.10.5.1
ibm/operational_decision_manager 8.11
ibm/operational_decision_manager 8.11.0.1
ibm/operational_decision_manager 8.12.0.1
Published: Feb 02, 2024
Tracked Since: Feb 18, 2026