CVE-2024-22320: IBM Operational Decision Manager code execution
First published: Mon Jan 29 2024(Updated: )
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Operational Decision Manager | <=8.10.3 | |
| IBM Operational Decision Manager | <=8.10.4 | |
| IBM Operational Decision Manager | <=8.10.5.1 | |
| IBM Operational Decision Manager | <=8.11.0.1 | |
| IBM Operational Decision Manager | <=8.11.1 | |
| IBM Operational Decision Manager | <=8.12.0.1 | |
| IBM Operational Decision Manager | =8.10.3 | |
| IBM Operational Decision Manager | =8.10.4 | |
| IBM Operational Decision Manager | =8.10.5.1 | |
| IBM Operational Decision Manager | =8.11 | |
| IBM Operational Decision Manager | =8.11.0.1 | |
| IBM Operational Decision Manager | =8.12.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-22320?
CVE-2024-22320 is classified as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2024-22320?
To fix CVE-2024-22320, upgrade IBM Operational Decision Manager to a patched version after 8.12.0.1.
Who is affected by CVE-2024-22320?
CVE-2024-22320 affects all versions of IBM Operational Decision Manager up to and including 8.12.0.1.
What type of vulnerability is CVE-2024-22320?
CVE-2024-22320 is an unsafe deserialization vulnerability that allows for arbitrary code execution.
Can CVE-2024-22320 be exploited remotely?
Yes, CVE-2024-22320 can be exploited remotely by authenticated attackers.
- agent/references
- agent/type
- agent/first-publish-date
- agent/title
- agent/weakness
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/description
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- vendor/ibm
- canonical/ibm operational decision manager
- version/ibm operational decision manager/8.10.3
- version/ibm operational decision manager/8.10.4
- version/ibm operational decision manager/8.10.5.1
- version/ibm operational decision manager/8.11
- version/ibm operational decision manager/8.11.0.1
- version/ibm operational decision manager/8.12.0.1
- version/ibm operational decision manager/8.11.1