CVE-2020-11857

CRITICAL

Microfocus Operation Bridge Reporter < 10.40 - Hard-coded Credentials

Title source: rule

Description

An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/microfocus_obr_shrboadmin.rb

View Code ZIP pw:eip

References (3)

[Various Sources] https://softwaresupport.softwaregrp.com/doc/KM03710590

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html

[Third Party Advisory] https://www.zerodayinitiative.com/advisories/ZDI-20-1215/

Scores

CVSS v3 9.8

EPSS 0.6319

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (1)

microfocus/operation_bridge_reporter 10.00 - 10.40

Published Sep 22, 2020

Tracked Since Feb 18, 2026