CVE-2021-22502
In short
A critical flaw in Micro Focus Operation Bridge Reporter version 10.40 allows attackers to execute arbitrary code remotely on the server. This means an attacker can take complete control of the affected system without needing valid credentials.
Technical detail
CWE-78 (Improper Neutralization of Special Elements used in an OS Command) in Micro Focus OBR 10.40 enables unauthenticated remote code execution through OS command injection. The vulnerability requires network access to the affected OBR instance and results in full system compromise with the privileges of the OBR service process.
Summary generated and translated by AI from the official description.
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Operation Bridge Reporter.
Public PoCs found — 1
cve_reference: packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html
https://softwaresupport.softwaregrp.com/doc/KM03775947
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22502
https://www.zerodayinitiative.com/advisories/ZDI-21-153/
https://www.zerodayinitiative.com/advisories/ZDI-21-154/