CVE-2024-22320 – IBM Operational Decision Manager code execution
https://notcve.org/view.php?id=CVE-2024-22320
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146. IBM Operational Decision Manager versiones 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1 y 8.12.0.1 podrían permitir que un atacante remoto autenticado ejecute código arbitrario en el sistema, causado por una deserialización insegura. Al enviar una solicitud especialmente manipulada, un atacante podría aprovechar esta vulnerabilidad para ejecutar código arbitrario en el contexto de SYSTEM. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279146 https://www.ibm.com/support/pages/node/7112382 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-22319 – IBM Operational Decision Manager JDNI injection
https://notcve.org/view.php?id=CVE-2024-22319
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1 y 8.12.0.1 podría permitir a un atacante remoto realizar una inyección LDAP. Al enviar una solicitud especialmente manipulada, un atacante podría aprovechar esta vulnerabilidad para inyectar contenido no sanitizado en el filtro LDAP. ID de IBM X-Force: 279145. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 https://www.ibm.com/support/pages/node/7112382 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2018-1821 – IBM Operational Decision Manager 8.x - XML External Entity Injection
https://notcve.org/view.php?id=CVE-2018-1821
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170. Las versiones 8.5, 8.6, 8.7, 8.8 y 8.9 de IBM Operational Decision Management son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • https://www.exploit-db.com/exploits/46017 http://www.securityfocus.com/bid/106325 https://exchange.xforce.ibmcloud.com/vulnerabilities/150170 https://www.ibm.com/support/docview.wss?uid=ibm10744149 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2014-6114
https://notcve.org/view.php?id=CVE-2014-6114
The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. El servicio Hosted Transparent Decision en el servidor de la ejecución de reglas en IBM WebSphere ILOG JRules 7.1 anterior a MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 anterior a FP3 IF41; y Operational Decision Manager 8.0 anterior a MP1 FP2 IF34, 8.5 anterior a MP1 FP1 IF43, y 8.6 anterior a IF8 permite a atacantes remotos leer ficheros arbitrarios a través de una declaración de entidad externa XML en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21691815 https://exchange.xforce.ibmcloud.com/vulnerabilities/96211 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-0945
https://notcve.org/view.php?id=CVE-2014-0945
Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la consula RES en Rule Execution Server en IBM Operational Decision Manager 7.5 anterior a FP3 IF37, 8.0 anterior a MP1 FP2 y 8.5 anterior a MP1 IF26 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21671324 https://exchange.xforce.ibmcloud.com/vulnerabilities/92562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •