Micro Focus Operations Bridge Reporter userName Command Injection Remote Code Execution Vulnerability

🗓️ 09 Feb 2021 00:00:00Reported by Pedro Ribeiro ([email protected]|@pedrib1337) from Agile Information SecurityType

zdi🔗 www.zerodayinitiative.com👁 50 Views

Micro Focus Operations Bridge Reporter userName Command Injection Remote Code Execution Vulnerability allows remote attackers to execute arbitrary code without authentication. It occurs in the LogonResource endpoint due to improper validation of the userName parameter, enabling code execution in root context.

Reporter	Title	Published	Views	Family All 28
0day.today	Micro Focus Operations Bridge Reporter Unauthenticated Command Injection Exploit	30 Apr 202100:00	–	zdt
ATTACKERKB	CVE-2021-22502	8 Feb 202100:00	–	attackerkb
BDU FSTEC	The vulnerability of the IT reporting software Operation Bridge Reporter (OBR) arises from improper processing of parameters related to the final login resource point. This allows a perpetrator to execute arbitrary code.	12 Aug 202100:00	–	bdu_fstec
Circl	CVE-2021-22502	9 Feb 202100:39	–	circl
CISA KEV Catalog	Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability	3 Nov 202100:00	–	cisa_kev
CNNVD	Micro Focus Operation Bridge 操作系统命令注入漏洞	8 Feb 202100:00	–	cnnvd
CNVD	Micro Focus Operations Bridge Reporter Remote Code Execution Vulnerability	9 Feb 202100:00	–	cnvd
Check Point Advisories	Micro Focus Operations Bridge Reporter Remote Code Execution (CVE-2021-22502)	5 Apr 202100:00	–	checkpoint_advisories
CVE	CVE-2021-22502	8 Feb 202121:12	–	cve
Cvelist	CVE-2021-22502	8 Feb 202121:12	–	cvelist