PT-2020-6292 · Micro Focus · Operation Bridge Reporter

Pedrib1337 +1 · Published 2020-09-30 · Updated 2025-03-12 · CVE-2021-22502

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Micro Focus Operation Bridge Reporter version 10.40

Description: The issue is related to a Remote Code Execution vulnerability in the Micro Focus Operation Bridge Reporter product. It could be exploited to allow Remote Code Execution on the OBR server. The vulnerability is associated with incorrect handling of parameters in the LogonResource endpoint. This could enable a remote attacker to execute arbitrary code.

Recommendations: For version 10.40, consider disabling the LogonResource endpoint or restricting access to it until a patch is available. Additionally, be cautious when using the userName and token parameters in the affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Code Injection

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2021-04036
CVE-2021-22502
ZDI-21-153
ZDI-21-154

Affected Products

Operation Bridge Reporter