CVE-2024-22320
CRITICAL EXPLOITED NUCLEI
IBM Operational Decision Manager - Java Deserialization
Title source: nuclei
Exploitation Summary
CVE-2024-22320 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system because of unsafe deserialization. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.
Nuclei Templates (1)
IBM Operational Decision Manager - Java Deserialization
HIGH VERIFIED by DhiyaneshDK
Shodan:
html:"IBM ODM" || http.html:"ibm odm"
FOFA:
title="IBM ODM" || title="ibm odm" || body="ibm odm"
References (3)
Core References
Third Party Advisory
https://www.vicarius.io/vsociety/posts/unveiling-cve-2024-22320-a-novices-journey-to-exploiting-java-deserialization-rce-in-ibm-odm
Patch, Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/7112382
VDB Entry, Vendor Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/279146
Scores
CVSS v3
9.8
EPSS
0.9084
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2024-03-22
CWE
CWE-502
Status
published
Products (6)
ibm/operational_decision_manager
8.10.3
ibm/operational_decision_manager
8.10.4
ibm/operational_decision_manager
8.10.5.1
ibm/operational_decision_manager
8.11
ibm/operational_decision_manager
8.11.0.1
ibm/operational_decision_manager
8.12.0.1
Published
Feb 02, 2024
Tracked Since
Feb 18, 2026