Micro Focus Operations Bridge Reporter - Remote Code Execution

Micro Focus Operations Bridge Reporter 10.40 is susceptible to remote code execution. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. id: CVE-2021-22502 info: name: Micro Focus...

org.apache.felix:org.apache.felix.webconsole.plugins.ds (=2.3.0), org.apache.felix:org.apache.felix.webconsole.plugins.memoryusage (=1.1.0) +2 more potentially affected by CVE-2025-25247 via org.apache.felix:org.apache.felix.webconsole (=4.9.0)

org.apache.felix:org.apache.felix.webconsole MAVEN version =4.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.felix:org.apache.felix.webconsole and may be impacted: - org.apache.felix:org.apache.felix.webconsole.plugins.ds =2.3.0 -...

karaf: path traversal flaws

A flaw was found in the Apache Karaf obr: command, where a partial path traversal issue allows a break out of the expected folder. This entry is set by the user...

Path traversal in Apache Karaf

Apache Karaf obr: commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr: commands are not very used and the entry is set by user. This has been fixed in revision:...

Apache Karaf path traversal vulnerability

Apache Karaf is an open source, modern, multi-format, lightweight, powerful, OSGI-certified enterprise container that provides many features to help developers and users deploy applications more flexibly.A path traversal vulnerability exists in Apache Karaf. The vulnerability is related to the ob...

CVE-2022-22932

Apache Karaf obr: commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr: commands are not very used and the entry is set by user. This has been fixed in revision:...

Path traversal

Apache Karaf obr: commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr: commands are not very used and the entry is set by user. This has been fixed in revision:...

Apache Karaf 路径遍历漏洞

Apache Karaf is an open source, modern, multi-format, lightweight, powerful, OSGI-certified enterprise container that provides many features to help developers and users deploy applications more flexibly.A path traversal vulnerability exists in Apache Karaf. The vulnerability is related to the ob...

Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability

Micro Focus Operation Bridge Report OBR contains an unspecified vulnerability that allows for remote code execution...

Micro Focus Operations Bridge Reporter shrboadmin Default Password Exploit

This Metasploit module abuses a known default password on Micro Focus Operations Bridge Reporter. The shrboadmin user, installed by default by the product has the password of shrboadmin, and allows an attacker to login to the server via SSH. This module has been tested with Micro Focus Operations...

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...

Micro Focus Operations Bridge Manager / Reporter Local Privilege Escalation

This module exploits an incorrectly permissioned folder in Micro Focus Operations Bridge Manager and Operations Bridge Reporter. An unprivileged user such as Guest can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM / OBR serve...

Remote code execution

Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter OBR product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server...

CVE-2021-22502

Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter OBR product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server...

CVE-2021-22502

Micro Focus Operations Bridge Reporter 10.40 is vulnerable to unauthenticated remote code execution via a login command injection vulnerability. The Nuclei template and Metasploit module describe an unauthenticated path to run arbitrary commands on the OBR server, potentially enabling full system...

CVE-2020-11855

An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges...

Authorization

An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges...

CVE-2020-11856

Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR...

Security update 1970-01-01

...