.. / CVE-2024-22319

Exploit for IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.12.0.1 - Authenticated Remote Code Execution (CVE-2024-22319)

Description:

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

View the template here CVE-2024-22319.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-22319.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-22319
https://www.vicarius.io/vsociety/posts/unveiling-cve-2024-22319-a-novices-journey-of-a-whitebox-pentest-from-nothing-to-everything-jndi-injection-rce-in-ibm-odm