CVE-2020-11857

CRITICAL

Micro Focus Operation Bridge Reporter < 10.40 - Authorization Bypass via Default Credentials

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11857. Includes Metasploit module exploits/linux/ssh/microfocus_obr_shrboadmin.

AI-analyzed exploit summary This Metasploit module exploits a default credential vulnerability in Micro Focus Operations Bridge Reporter, allowing SSH login with the 'shrboadmin:shrboadmin' credentials. It establishes an interactive command session upon successful authentication.

Description

An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user

Exploits (1)

metasploit WORKING POC EXCELLENT
rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/microfocus_obr_shrboadmin.rb

This Metasploit module exploits a default credential vulnerability in Micro Focus Operations Bridge Reporter, allowing SSH login with the 'shrboadmin:shrboadmin' credentials. It establishes an interactive command session upon successful authentication.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Micro Focus Operations Bridge Reporter (Linux) versions <= 10.40
Auth required
Prerequisites: SSH service exposed on port 22 · Default credentials not changed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.1578
EPSS Percentile 96.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (1)
microfocus/operation_bridge_reporter 10.00 - 10.40
Published Sep 22, 2020
Tracked Since Feb 18, 2026