CVE-2024-22319 PoC — IBM Operational Decision Manager 注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-22319.yaml

Associated Vulnerability

Title:IBM Operational Decision Manager 注入漏洞 (CVE-2024-22319)
Description:IBM Operational Decision Manager是美国国际商业机器（IBM）公司的一种决策管理解决方案，用于帮助组织更好地管理和执行业务规则和决策。 IBM Operational Decision Manager 8.10.3 版本、8.10.4 版本、8.10.5.1 版本、8.11 版本、8.11.0.1 版本和 8.12.0.1 版本存在注入漏洞，该漏洞源于通过发送带有特制内容的请求，可以将未经净化的内容注入 LDAP 过滤器。

Description

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API.  IBM X-Force ID:  279145.

File Snapshot


 id: CVE-2024-22319

info:
  name: IBM Operational Decision Manager - JNDI Injection
  author: Dhiyan

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!