CVE-2024-22320 PoC — IBM Operational Decision Manager 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-22320.yaml

Associated Vulnerability

Title:IBM Operational Decision Manager 代码问题漏洞 (CVE-2024-22320)
Description:IBM Operational Decision Manager是美国国际商业机器（IBM）公司的一种决策管理解决方案，用于帮助组织更好地管理和执行业务规则和决策。 IBM Operational Decision Manager 8.10.3 版本、8.10.4 版本、8.10.5.1 版本、8.11 版本、8.11.0.1 版本和 8.12.0.1 版本存在代码问题漏洞，该漏洞源于通过发送特制请求，可以在 SYSTEM 环境中执行任意代码。

Description

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM.  IBM X-Force ID:  279146.

File Snapshot


 id: CVE-2024-22320

info:
  name: IBM Operational Decision Manager - Java Deserialization
  author: 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!