CVE-2024-22320: IBM Operational Decision Manager code execution

9.8 CVSS

Description

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by unsafe deserialization. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.

Classification

CVE ID: CVE-2024-22320

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-502 Deserialization of Untrusted Data

Affected Products

Vendor: IBM

Product: Operational Decision Manager

Nuclei Template

http/cves/2024/CVE-2024-22320.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 90.43% (probability of being exploited)

EPSS Percentile: 99.57% (share of other vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-06-05 (when this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-22320
https://www.ibm.com/support/pages/node/7112382
https://exchange.xforce.ibmcloud.com/vulnerabilities/279146

Timeline