Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for operation_bridge_reporter by microfocus

    CVE-2021-22502 (GCVE-0-2021-22502)

    Vulnerability from nvd – Published: 2021-02-08 21:12 – Updated: 2025-10-21 23:35
    Summary
    Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code execution.
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    n/a Operation Bridge Reporter. Affected: OBR 10.40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:13.632Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/doc/KM03775947"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-153/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-154/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22502",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T20:52:16.856649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22502"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:28.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22502"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2021-22502 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Operation Bridge Reporter.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "OBR 10.40"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code execution.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-30T16:06:24.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03775947"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-153/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-154/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2021-22502",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Operation Bridge Reporter.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "OBR 10.40"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code execution."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/doc/KM03775947",
                  "refsource": "MISC",
                  "url": "https://softwaresupport.softwaregrp.com/doc/KM03775947"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-153/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-153/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-154/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-154/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2021-22502",
        "datePublished": "2021-02-08T21:12:35.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:28.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11856 (GCVE-0-2020-11856)

    Vulnerability from nvd – Published: 2020-09-22 14:03 – Updated: 2024-08-04 11:42
    VLAI
    Summary
    Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary code execution.
    Assigner
    Impacted products
    Vendor Product Version
    n/a Operation Bridge Reporter. Affected: 10.40 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:42:00.840Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1216/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Operation Bridge Reporter.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.40 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary code execution.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:58.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1216/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2020-11856",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Operation Bridge Reporter.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.40 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary code execution."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/doc/KM03710590",
                  "refsource": "MISC",
                  "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1216/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1216/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2020-11856",
        "datePublished": "2020-09-22T14:03:47.000Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:42:00.840Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11857 (GCVE-0-2020-11857)

    Vulnerability from nvd – Published: 2020-09-22 14:00 – Updated: 2024-08-04 11:41
    VLAI
    Summary
    An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass.
    Assigner
    Impacted products
    Vendor Product Version
    n/a Operation Bridge Reporter. Affected: 10.40 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:41:59.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1215/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Operation Bridge Reporter.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.40 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-30T16:06:23.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1215/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2020-11857",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Operation Bridge Reporter.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.40 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/doc/KM03710590",
                  "refsource": "MISC",
                  "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1215/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1215/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2020-11857",
        "datePublished": "2020-09-22T14:00:55.000Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:41:59.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11855 (GCVE-0-2020-11855)

    Vulnerability from nvd – Published: 2020-09-22 13:54 – Updated: 2024-08-04 11:41
    VLAI
    Summary
    An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass.
    Assigner
    Impacted products
    Vendor Product Version
    n/a Operation Bridge Reporter. Affected: 10.40 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:41:59.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1217/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Operation Bridge Reporter.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.40 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:43.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1217/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2020-11855",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Operation Bridge Reporter.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.40 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/doc/KM03710590",
                  "refsource": "MISC",
                  "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1217/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1217/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2020-11855",
        "datePublished": "2020-09-22T13:54:11.000Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:41:59.896Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22502 (GCVE-0-2021-22502)

    Vulnerability from cvelistv5 – Published: 2021-02-08 21:12 – Updated: 2025-10-21 23:35
    Summary
    Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code execution.
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    n/a Operation Bridge Reporter. Affected: OBR 10.40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:44:13.632Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/doc/KM03775947"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-153/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-154/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22502",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T20:52:16.856649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22502"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:28.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22502"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2021-22502 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Operation Bridge Reporter.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "OBR 10.40"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code execution.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-30T16:06:24.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03775947"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-153/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-154/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2021-22502",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Operation Bridge Reporter.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "OBR 10.40"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code execution."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/doc/KM03775947",
                  "refsource": "MISC",
                  "url": "https://softwaresupport.softwaregrp.com/doc/KM03775947"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-153/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-153/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-154/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-154/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2021-22502",
        "datePublished": "2021-02-08T21:12:35.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:28.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11856 (GCVE-0-2020-11856)

    Vulnerability from cvelistv5 – Published: 2020-09-22 14:03 – Updated: 2024-08-04 11:42
    VLAI
    Summary
    Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary code execution.
    Assigner
    Impacted products
    Vendor Product Version
    n/a Operation Bridge Reporter. Affected: 10.40 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:42:00.840Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1216/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Operation Bridge Reporter.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.40 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary code execution.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:58.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1216/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2020-11856",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Operation Bridge Reporter.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.40 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary code execution."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/doc/KM03710590",
                  "refsource": "MISC",
                  "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1216/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1216/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2020-11856",
        "datePublished": "2020-09-22T14:03:47.000Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:42:00.840Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11857 (GCVE-0-2020-11857)

    Vulnerability from cvelistv5 – Published: 2020-09-22 14:00 – Updated: 2024-08-04 11:41
    VLAI
    Summary
    An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass.
    Assigner
    Impacted products
    Vendor Product Version
    n/a Operation Bridge Reporter. Affected: 10.40 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:41:59.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1215/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Operation Bridge Reporter.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.40 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-30T16:06:23.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1215/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2020-11857",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Operation Bridge Reporter.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.40 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/doc/KM03710590",
                  "refsource": "MISC",
                  "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1215/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1215/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2020-11857",
        "datePublished": "2020-09-22T14:00:55.000Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:41:59.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11855 (GCVE-0-2020-11855)

    Vulnerability from cvelistv5 – Published: 2020-09-22 13:54 – Updated: 2024-08-04 11:41
    VLAI
    Summary
    An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass.
    Assigner
    Impacted products
    Vendor Product Version
    n/a Operation Bridge Reporter. Affected: 10.40 and earlier.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:41:59.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1217/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Operation Bridge Reporter.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.40 and earlier."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:43.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1217/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2020-11855",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Operation Bridge Reporter.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.40 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://softwaresupport.softwaregrp.com/doc/KM03710590",
                  "refsource": "MISC",
                  "url": "https://softwaresupport.softwaregrp.com/doc/KM03710590"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1217/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1217/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2020-11855",
        "datePublished": "2020-09-22T13:54:11.000Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:41:59.896Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }