CVE-2021-22502

CRITICAL KEV NUCLEI

Micro Focus Operation Bridge Reporter <10.40 - RCE

Title source: llm

Description

Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/microfocus_obr_cmd_injection.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Micro Focus Operations Bridge Reporter - Remote Code Execution

CRITICALby pikpikcu

References (5)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html

[Vendor Advisory] https://softwaresupport.softwaregrp.com/doc/KM03775947

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-21-153/

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-21-154/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22502

Scores

CVSS v3 9.8

EPSS 0.9376

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-03-15

InTheWild.io 2021-03-13

ENISA EUVD EUVD-2021-9648

CWE

CWE-78

Status published

Products (1)

microfocus/operation_bridge_reporter 10.40

Published Feb 08, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026