Vulnerability Details CVE-2021-22502
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.94
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html
- https://softwaresupport.softwaregrp.com/doc/KM03775947
- https://www.zerodayinitiative.com/advisories/ZDI-21-153/
- https://www.zerodayinitiative.com/advisories/ZDI-21-154/
- http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html
- https://softwaresupport.softwaregrp.com/doc/KM03775947
- https://www.zerodayinitiative.com/advisories/ZDI-21-153/
- https://www.zerodayinitiative.com/advisories/ZDI-21-154/
Products affected by CVE-2021-22502
-
cpe:2.3:a:microfocus:operation_bridge_reporter:10.40