Unveiling CVE-2024-22320: A Novice's Journey to Exploiting Java Deserialization RCE in IBM ODM

CVEs

8.8 High Severity

Apps

8.10.5.1.*
8.12.0.1.*
8.9.0.2.*
8.9.1.0.*
8.10.2.0.*
8.7.1.2.*
8.8.1.1.*
8.8.1.2.*
8.8.0.1.*
8.8.1.0.*

Summary

Certain versions of IBM Operational Decision Manager allow a remote unauthenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. This post acts as a complete hands-on guide to understanding and exploiting this deserialization vulnerability without any prior experience with such vulnerabilities. The complete process, right from the very start, is shown to make it easy to follow even for a beginner audience.

@secatgourity