PT-2022-24552 · Micro Focus · Micro Focus Operations Bridge- Containerized+1
Adam Silviu
·
Published
2022-12-08
·
Updated
2022-12-12
·
CVE-2022-38754
CVSS v3.1
8.0
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Micro Focus Operations Bridge Manager versions prior to 2022.11
Micro Focus Operations Bridge- Containerized versions prior to 2022.11
Description
A potential issue has been identified in Micro Focus Operations Bridge - Containerized and Micro Focus Operations Bridge Manager. The issue could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue is only applicable if the Operations Bridge Manager capability is deployed.
Recommendations
For Micro Focus Operations Bridge Manager versions prior to 2022.11, update to version 2022.11 or later.
For Micro Focus Operations Bridge- Containerized versions prior to 2022.11, update to version 2022.11 or later.
As a temporary workaround, consider restricting access to the Operations Bridge Manager capability until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Micro Focus Operations Bridge Manager
Micro Focus Operations Bridge- Containerized