Lucene search

IbmCVELIST:CVE-2024-22319

HistoryFeb 02, 2024 - 2:14 a.m.

CVE-2024-22319 IBM Operational Decision Manager JDNI injection

2024-02-0202:14:50

CWE-74

ibm

www.cve.org

ibm operational decision manager

remote code execution

jndi injection

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.347 Low

EPSS

Percentile

97.1%

JSON

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Operational Decision Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1, 8.12.0.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/279145

www.ibm.com/support/pages/node/7112382

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.347 Low

EPSS

Percentile

97.1%

JSON

Related for CVELIST:CVE-2024-22319