7 results (0.049 seconds)

CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. • https://marketplace.microfocus.com/itom/content/operations-bridge-manager-obm-2022-05-hotfixes https://portal.microfocus.com/s/article/KM000012517?language=en_US https://portal.microfocus.com/s/article/KM000012518?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution. Una Ejecución de código remoto no autenticado en Micro Focus Operations Bridge en contenedor, afectando a versiones 2021.05, 2021.08 y versiones más recientes de Micro Focus Operations Bridge en contenedor si la implantación fue actualizada desde 2021.05 o 2021.08. La vulnerabilidad podría aprovecharse para una ejecución de código remota sin autenticación • https://portal.microfocus.com/s/article/KM000005303?language=en_US •

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0

Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges. • http://packetstormsecurity.com/files/161411/Micro-Focus-Operations-Bridge-Manager-Local-Privilege-Escalation.html https://softwaresupport.softwaregrp.com/doc/KM03747658 https://softwaresupport.softwaregrp.com/doc/KM03747854 https://www.zerodayinitiative.com/advisories/ZDI-20-1326 •

CVSS: 10.0EPSS: 30%CPEs: 24EXPL: 0

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. • http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html https://softwaresupport.softwaregrp.com/doc/KM03747657 https://softwaresupport.softwaregrp.com/doc/KM03747658 https://softwaresupport.softwaregrp.com/doc/KM03747854 https://www.zerodayinitiative.com/advisories/ZDI-20-1287 • CWE-798: Use of Hard-coded Credentials •

CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0

A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure. Existe una vulnerabilidad de ejecución remota de código y divulgación de información en Micro Focus Operations Bridge, en la suite "containerized", en versiones 2017.11, 2018.02, 2018.05 y 2018.08. Esta vulnerabilidad podría permitir la divulgación de información. • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •