PT-2024-3781 · IBM · IBM Operational Decision Manager

Sonny · Published 2024-01-29 · Updated 2024-09-04 · CVE-2024-22319

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: IBM Operational Decision Manager versions 8.10.3 through 8.12.0.1

Description: The issue is a remote code execution vulnerability via JNDI injection: a certain API accepts an argument without validating it. A remote attacker could conduct an LDAP injection by sending a request with a specially crafted argument.

Recommendations: For IBM Operational Decision Manager versions 8.10.3 through 8.12.0.1, consider disabling the API that accepts unchecked arguments until a patch is available. Restrict access to the vulnerable API to minimize the risk of exploitation. Avoid passing unchecked arguments to the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
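The mitigation pattern behind the recommendations above, as an added example that is not IBM's code and does not reflect the affected API's real interface (the advisory does not name it): a caller-supplied value should never reach a JNDI lookup unvalidated, because JNDI names with a scheme prefix (ldap:, rmi:, ...) redirect the lookup to a remote server. The wrapper below only resolves names under a constructed allowlist of local prefixes and rejects everything else before `Context.lookup` is ever called; the prefix list and the sample inputs in `main` are assumptions for illustration.

```java
import java.util.List;
import java.util.regex.Pattern;
import javax.naming.Context;
import javax.naming.NamingException;

/**
 * Added example (not IBM's code): guard a JNDI lookup so that a caller-supplied
 * name can only resolve entries in the application's own local namespace.
 */
public final class SafeJndiLookup {

    // Constructed allowlist: the only namespaces this application expects to resolve.
    private static final List<String> ALLOWED_PREFIXES = List.of("java:comp/env/");

    // After the prefix, permit only simple path segments: no ':' (so no scheme such
    // as ldap: or rmi:), no "//", no empty segments, no "." or ".." tricks.
    private static final Pattern SAFE_REST = Pattern.compile("^[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*$");

    private SafeJndiLookup() {}

    /** Returns true only if the name is under an allowed prefix and is well formed. */
    public static boolean isAllowedName(String name) {
        if (name == null || name.length() > 200) {
            return false;
        }
        for (String prefix : ALLOWED_PREFIXES) {
            if (name.startsWith(prefix)) {
                return SAFE_REST.matcher(name.substring(prefix.length())).matches();
            }
        }
        return false;
    }

    /** Validates first, then performs the lookup against the supplied context. */
    public static Object lookup(Context ctx, String name) throws NamingException {
        if (!isAllowedName(name)) {
            // Strip control characters so a rejected name cannot forge log lines.
            String shown = name == null ? "null" : name.replaceAll("[\\p{Cntrl}]", "?");
            throw new IllegalArgumentException("rejected JNDI name: " + shown);
        }
        return ctx.lookup(name);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one legitimate local name, the rest must be refused.
        String[] samples = {
            "java:comp/env/jdbc/AppDataSource",
            "ldap://example.invalid/obj",          // remote scheme: refused
            "java:comp/env/../../ldap:x",          // traversal and embedded scheme: refused
            "java:comp/env/jdbc/App\nDataSource",  // control character: refused
            ""                                     // empty: refused
        };
        for (String s : samples) {
            System.out.println((isAllowedName(s) ? "accept " : "reject ") + s.replace("\n", "\\n"));
        }
    }
}
```

The check runs on the server before the name is handed to JNDI, so it holds regardless of the JVM's `com.sun.jndi.ldap.object.trustURLCodebase` setting; an allowlist of expected local names is narrower, and easier to review, than a denylist of known-bad schemes.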

Weakness Enumeration

Special Elements Injection

Related Identifiers

BDU:2024-04134
CVE-2024-22319

Affected Products

IBM Operational Decision Manager