tags: enterprise_app, java, deserialization
original link: “To live is to fight, to fight is to live! - IBM ODM Remote Code Execution”
newsletter link: Exploits Club
Summary:
watchTowr Labs released a write-up on their research into IBM Operational Decision Manager (ODM). The post details the two bugs they found: a deserialization vuln and a JNDI injection. The team was able to take the JNDI injection all the way to RCE, and both vulns were given CVEs (CVE-2024-22319, CVE-2024-22320).