[CVE-2021-22502] Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability

CISA KEV 정보

취약점명	Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability
설명	Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.
조치사항	Apply updates per vendor instructions.
랜섬웨어 캠페인 악용	Unknown
CWE	CWE-20 \| CWE-78
등록일 (KEV)	2021-11-03
조치 기한	2021-11-17
추가 참고	https://nvd.nist.gov/vuln/detail/CVE-2021-22502

NVD 상세 정보

CVSS v3.1: 9.8 CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

설명: Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.

CWE: CWE-78 | CWE-78

참조

http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html [Exploit, Third Party Advisory, VDB Entry]
https://softwaresupport.softwaregrp.com/doc/KM03775947 [Vendor Advisory]
https://www.zerodayinitiative.com/advisories/ZDI-21-153/ [Third Party Advisory, VDB Entry]
https://www.zerodayinitiative.com/advisories/ZDI-21-154/ [Third Party Advisory, VDB Entry]
http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html [Exploit, Third Party Advisory, VDB Entry]
https://softwaresupport.softwaregrp.com/doc/KM03775947 [Vendor Advisory]
https://www.zerodayinitiative.com/advisories/ZDI-21-153/ [Third Party Advisory, VDB Entry]
https://www.zerodayinitiative.com/advisories/ZDI-21-154/ [Third Party Advisory, VDB Entry]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22502 [US Government Resource]

This product uses the NVD API but is not endorsed or certified by the NVD.

바로 가기

[CVE-2021-22502] Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability

CISA KEV 정보

NVD 상세 정보

참조

IT 도구 서랍