← Volver a CVEs
CVE-2021-22502
CRITICALCISA KEV9.8
Descripcion
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/8/2021
Ultima modificacion10/27/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorMicro Focus
ProductoOperation Bridge Reporter (OBR)
Nombre vulnerabilidadMicro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability
Fecha inclusion KEV2021-11-03
Fecha limite remediacion2021-11-17
Uso en ransomwareUnknown
Productos afectados
microfocus:operation_bridge_reporter
Debilidades (CWE)
CWE-78CWE-78
Referencias
http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html(security@opentext.com)
https://softwaresupport.softwaregrp.com/doc/KM03775947(security@opentext.com)
https://www.zerodayinitiative.com/advisories/ZDI-21-153/(security@opentext.com)
https://www.zerodayinitiative.com/advisories/ZDI-21-154/(security@opentext.com)
http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
https://softwaresupport.softwaregrp.com/doc/KM03775947(af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-21-153/(af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-21-154/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22502(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.