Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
IBM ODM JNDI injection (CVE-2024-22319) - Vulnerability Database

IBM ODM JNDI injection (CVE-2024-22319)

Description

IBM ODM allows an unauthenticated user to connect it to any LDAP server. An attacker can exploit it to achieve remote code execution.

Remediation

Upgrade to the latest version of IBM ODM

References

Security Bulletin: IBM Operational Decision Manager for January 2024 - Multiple CVEs addressed
To live is to fight, to fight is to live! - IBM ODM Remote Code Execution

Related Vulnerabilities

PaloAlto Networks Expedition RCE (CVE-2024-9463) Critical
Common tags: Known Vulnerabilities Code Execution Acumonitor
Ivanti EPM SQLi RCE (CVE-2024-29824) High
Common tags: Known Vulnerabilities Code Execution Acumonitor
Ivanti Sentry Authentication Bypass (CVE-2023-38035) Critical
Common tags: Known Vulnerabilities Code Execution Acumonitor
Apache Solr SSRF CVE-2017-3164 Medium
Common tags: Known Vulnerabilities Code Execution Acumonitor
Ruby on Rails DoubleTap RCE (CVE-2019-5420) High
Common tags: Known Vulnerabilities Code Execution Acumonitor

Severity

Critical

Classification

CVE-2024-22319
CWE-74
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Known Vulnerabilities
Code Execution
Acumonitor