Unveiling CVE-2024-22319: A Novice's Journey of a whitebox pentest - from nothing to everything - JNDI Injection RCE in IBM ODM

CVEs

9.8 Critical Severity

Apps

8.10.5.1.*
8.12.0.1.*
8.9.0.2.*
8.9.1.0.*
8.10.2.0.*
8.7.1.2.*
8.8.1.1.*
8.8.1.2.*
8.8.0.1.*
8.8.1.0.*

Summary

Certain versions of IBM Operational Decision Manager allow a remote unauthenticated attacker to execute arbitrary code on the system, caused by JNDI injection in an unprotected REST API. This post acts as a complete hands-on guide to understanding and exploiting this JNDI injection vulnerability without any prior experience with such vulnerabilities. The complete process, performed as a whitebox pentest, is shown right from the very start, making it easy to follow even for a beginner audience!
