CVE-2022-38754

HIGH

Micro Focus Operations Bridge - Containerized - Auth Bypass

Title source: llm

Description

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11.

References (3)

Core 3

Core References

Various Sources

https://marketplace.microfocus.com/itom/content/operations-bridge-manager-obm-2022-05-hotfixes

Various Sources

https://portal.microfocus.com/s/article/KM000012517?language=en_US

Various Sources

https://portal.microfocus.com/s/article/KM000012518?language=en_US

Scores

CVSS v3 8.0

EPSS 0.0036

EPSS Percentile 58.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (2)

microfocus/operations_bridge < 2022.11

microfocus/operations_bridge_manager < 2022.11

Published Dec 08, 2022

Tracked Since Feb 18, 2026