CVE-2021-22502

CRITICAL KEV NUCLEI

Micro Focus Operation Bridge Reporter <10.40 - RCE


Exploitation Summary

CVE-2021-22502 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 1 public exploit, the Metasploit module exploits/linux/http/microfocus_obr_cmd_injection. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Metasploit module exploits an unauthenticated command injection vulnerability in Micro Focus Operations Bridge Reporter (OBR) on Linux versions <= 10.40. The exploit injects a payload into the 'userName' field of a JSON POST request to the login endpoint, leveraging improper input validation to achieve remote code execution.

Description

Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.

Exploits (1)

metasploit WORKING POC EXCELLENT
ruby poc unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/microfocus_obr_cmd_injection.rb

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Micro Focus Operations Bridge Reporter (Linux) versions <= 10.40
No auth needed
Prerequisites: Network access to the target's login endpoint (default port 21412 with SSL)
devstral-2 · analyzed Feb 19, 2026

Nuclei Templates (1)

Micro Focus Operations Bridge Reporter - Remote Code Execution
CRITICAL by pikpikcu

Scores

CVSS v3 9.8
EPSS 0.9404
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-03-15
InTheWild.io 2021-03-13
ENISA EUVD EUVD-2021-9648
CWE CWE-78
Status published
Products (1)
microfocus/operation_bridge_reporter 10.40
Published Feb 08, 2021
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026