Description

IBM ODM allows an unauthenticated user to connect it to any LDAP server. An attacker can exploit it to achieve remote code execution.

Remediation

Upgrade to the latest version of IBM ODM

References

Security Bulletin: IBM Operational Decision Manager for January 2024 - Multiple CVEs addressed

To live is to fight, to fight is to live! - IBM ODM Remote Code Execution

Related Vulnerabilities

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17531)

Oracle HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-25314)

Oracle Database Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-6065)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4332)

PostgreSQL Integer Overflow or Wraparound Vulnerability (CVE-2023-5869)

Severity

Critical

Classification

CVE-2024-22319 CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Known Vulnerabilities Code Execution Acumonitor