Description
IBM Operational Decision Manager (ODM) allows an unauthenticated user to make it connect to an arbitrary LDAP server. An attacker can exploit this to achieve remote code execution.
Remediation
Upgrade to the latest version of IBM ODM.
References
Security Bulletin: IBM Operational Decision Manager for January 2024 - Multiple CVEs addressed
To live is to fight, to fight is to live! - IBM ODM Remote Code Execution