VDB
CNVD-2024-11740
CNVD-2024-11740
PUBLISHED
CVSS 9.800000190734863 CRITICAL
IBM Operational Decision Manager是美国国际商业机器(IBM)公司的一种决策管理解决方案,用于帮助组织更好地管理和执行业务规则和决策。 IBM Operational Decision Manager存在代码问题漏洞,该漏洞源于通过发送特制请求,可以在SYSTEM环境中执行任意代码。攻击者可以利用该漏洞上传任意文件。
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ibm | operational_decision_manager | 8.10.3 |
| IBM | Operational Decision Manager | 8.10.3 |
Exploit Intelligence
- CIRCL seen: CVE-2024-22320 (circl-sighting)
- CIRCL seen: CVE-2024-22320 (circl-sighting)
- CIRCL seen: CVE-2024-22320 (circl-sighting)
- https://www.vicarius.io/vsociety/posts/unveiling-cve-2024-22320-a-novices-journey-to-exploiting-java-deserialization-rce-in-ibm-odm (circl)
- https://www.ibm.com/support/pages/node/7112382 (circl)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/279146 (circl)
- Nuclei Template: CVE-2024-22320 (nuclei-template)
- Nuclei Template: CVE-2024-22320 (nuclei-template)
Timeline
- Jan 29, 2024 CVE Published
- Feb 2, 2024 PoC Published
- Feb 24, 2024 PoC Published
- May 7, 2025 PoC Published