Lucene search

[email protected]CVE-2021-22507

HistoryApr 08, 2021 - 6:15 p.m.

CVE-2021-22507

2021-04-0818:15:13

CWE-287

[email protected]

web.nvd.nist.gov

cve-2021-22507

micro focus

operations bridge manager

authentication

bypass

vulnerability

remote attackers

unauthorized access

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.3%

JSON

Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. The vulnerability could allow remote attackers to bypass user authentication and get unauthorized access.

Affected configurations

NVD

Node

microfocusoperations_bridge_managerMatch2019.05

microfocusoperations_bridge_managerMatch2019.11

microfocusoperations_bridge_managerMatch2020.05

microfocusoperations_bridge_managerMatch2020.10

CPENameOperatorVersion
microfocus:operations_bridge_managermicrofocus operations bridge managereq2019.05
microfocus:operations_bridge_managermicrofocus operations bridge managereq2019.11
microfocus:operations_bridge_managermicrofocus operations bridge managereq2020.05
microfocus:operations_bridge_managermicrofocus operations bridge managereq2020.10

CPE	Name	Operator	Version
microfocus:operations_bridge_manager	microfocus operations bridge manager	eq	2019.05
microfocus:operations_bridge_manager	microfocus operations bridge manager	eq	2019.11
microfocus:operations_bridge_manager	microfocus operations bridge manager	eq	2020.05
microfocus:operations_bridge_manager	microfocus operations bridge manager	eq	2020.10

CNA Affected

[
  {
    "product": "Operations Bridge Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2019.11"
      },
      {
        "status": "affected",
        "version": "2020.05"
      },
      {
        "status": "affected",
        "version": "2020.10"
      }
    ]
  }
]

References

softwaresupport.softwaregrp.com/doc/KM03793283

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for CVE-2021-22507

cvelist1 prion1 nvd1