CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2021-22502

CVSS 9.8v3.1pub. 2021-02-08upd. 2025-10-27

Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microfocus Operation Bridge Reporter

    APP
    Microfocus
    10.40

CISA KEV — detailsi

Vendori
Micro Focus
Producti
Operation Bridge Reporter (OBR)
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
November 17, 2021(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 17 listopada 2021
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2020-11856CRITICAL9.8ten sam produkt

Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and e...

CVE-2020-11857CRITICAL9.8ten sam produkt

An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and ea...

CVE-2020-11855HIGH7.8ten sam produkt

An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and ea...

CVE-2023-4501CRITICAL9.8ten sam vendor

User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COB...

CVE-2023-24470CRITICAL9.1ten sam vendor

Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.