CVE-2024-22320

CRITICAL EXPLOITED NUCLEI

IBM Operational Decision Manager - Java Deserialization

Title source: nuclei

Description

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.

Nuclei Templates (1)

IBM Operational Decision Manager - Java Deserialization
HIGH VERIFIED by DhiyaneshDK
Shodan: html:"IBM ODM" || http.html:"ibm odm"
FOFA: title="IBM ODM" || title="ibm odm" || body="ibm odm"

Scores

CVSS v3 9.8
EPSS 0.9116
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2024-03-22

Classification

CWE
CWE-502
Status published

Affected Products (6)

ibm/operational_decision_manager
ibm/operational_decision_manager
ibm/operational_decision_manager
ibm/operational_decision_manager
ibm/operational_decision_manager
ibm/operational_decision_manager

Timeline

Published Feb 02, 2024
Tracked Since Feb 18, 2026