Lucene search
HistoryFeb 09, 2021 - 12:00 a.m.
Micro Focus Operations Bridge Reporter Token Command Injection Remote Code Execution Vulnerability
2021-02-0900:00:00
Pedro Ribeiro ([email protected]|@pedrib1337) from Agile Information Security
www.zerodayinitiative.com
25
0.961 High
EPSS
Percentile
99.5%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Token parameter provided to the LogonResource endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.
Related
nvd
nvd
CVE-2021-22502
2021-02-08 22:15:12
attackerkb
attackerkb
CVE-2021-22502
2021-02-08 00:00:00
zdi
zdi
packetstorm
packetstorm
Micro Focus Operations Bridge Reporter Unauthenticated Command Injection
2021-04-30 00:00:00
zdt
zdt
cve
cve
CVE-2021-22502
2021-02-08 22:15:12
checkpoint_advisories
checkpoint_advisories
cisa_kev
cisa_kev
prion
prion
Remote code execution
2021-02-08 22:15:00
nuclei
nuclei
Micro Focus Operations Bridge Reporter - Remote Code Execution
2021-03-03 02:29:45
cvelist
cvelist
CVE-2021-22502
2021-02-08 21:12:35
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-05-07 19:41:01
threatpost
threatpost
Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices
2021-03-16 16:57:46
Auth Bypass Bug Exploited, Millions of Routers Affected
2021-08-09 19:41:30
thn
thn
New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild
2021-03-16 10:32:00
qualysblog
qualysblog
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01