CVE-2021-22502 – Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22502
Remote code execution vulnerability in the Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Token parameter provided to the LogonResource endpoint. • http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html https://softwaresupport.softwaregrp.com/doc/KM03775947 https://www.zerodayinitiative.com/advisories/ZDI-21-153 https://www.zerodayinitiative.com/advisories/ZDI-21-154 https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBR.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-22500
https://notcve.org/view.php?id=CVE-2021-22500
Cross-Site Request Forgery vulnerability in the Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by an attacker to trick users into executing actions of the attacker's choosing. • https://softwaresupport.softwaregrp.com/doc/KM03775253 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-22499
https://notcve.org/view.php?id=CVE-2021-22499
Persistent Cross-Site Scripting vulnerability in the Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow a persistent XSS attack. • https://softwaresupport.softwaregrp.com/doc/KM03775253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-22498
https://notcve.org/view.php?id=CVE-2021-22498
XML External Entity Injection vulnerability in the Micro Focus Application Lifecycle Management (previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection. • https://softwaresupport.softwaregrp.com/doc/KM03771781 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2020-25838
https://notcve.org/view.php?id=CVE-2020-25838
Unauthorized disclosure of sensitive information vulnerability in the Micro Focus Filr product, affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. • https://softwaresupport.softwaregrp.com/doc/KM03767186