CVSS: 10.0EPSS: 97%CPEs: 1EXPL: 0CVE-2021-22502 – Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22502
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server. Una vulnerabilidad de ejecución de Código Remota en el producto Micro Focus Operation Bridge Reporter (OBR), afectando a la versión 10.40. La vulnerabilidad podría ser explotada para permitir una Ejecución de Código Remota en el servidor OBR This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Token parameter provided to the LogonResource endpoint. • http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html https://softwaresupport.softwaregrp.com/doc/KM03775947 https://www.zerodayinitiative.com/advisories/ZDI-21-153 https://www.zerodayinitiative.com/advisories/ZDI-21-154 https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBR.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 11%CPEs: 1EXPL: 0CVE-2020-11856 – Micro Focus Operations Bridge Reporter JMX Missing Authentication Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-11856
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR. Una vulnerabilidad de ejecución de código arbitraria en Micro Focus Operation Bridge Reporter, afectando a la versión 10.40 y anteriores. La vulnerabilidad podría permitir a atacantes remotos ejecutar código arbitrario en las instalaciones afectadas de OBR This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the JMX remote interface. • https://softwaresupport.softwaregrp.com/doc/KM03710590 https://www.zerodayinitiative.com/advisories/ZDI-20-1216 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2020-11857 – Micro Focus Operations Bridge Reporter shrboadmin Use of Hard-coded Credentials Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-11857
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user Una vulnerabilidad de Omisión de Autorización en Micro Focus Operation Bridge Reporter, afectando a versiones 10.40 y anteriores. La vulnerabilidad podría permitir a atacantes remotos acceder al host de OBR como un usuario no administrador This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the creation of the shrboadmin user during installation. The product contains a hard-coded password for this account. • http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html https://softwaresupport.softwaregrp.com/doc/KM03710590 https://www.zerodayinitiative.com/advisories/ZDI-20-1215 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11855 – Micro Focus Operations Bridge Reporter HPE-OBR Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-11855
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges. Una vulnerabilidad de Omisión de Autorización en Micro Focus Operation Bridge Reporter, afectando a versiones 10.40 y anteriores. La vulnerabilidad podría permitir a atacantes locales en el host OBR ejecutar código con privilegios escalados This vulnerability allows local attackers to escalate privileges on affected installations of Micro Focus Operations Bridge Reporter. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product's installer. • https://softwaresupport.softwaregrp.com/doc/KM03710590 https://www.zerodayinitiative.com/advisories/ZDI-20-1217 • CWE-732: Incorrect Permission Assignment for Critical Resource •