Detections
Analytics

CVE-2021-22502

critical

Description

Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.

References

https://www.zerodayinitiative.com/advisories/ZDI-21-154/

https://www.zerodayinitiative.com/advisories/ZDI-21-153/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22502

https://softwaresupport.softwaregrp.com/doc/KM03775947

http://packetstormsecurity.com/files/162408/Micro-Focus-Operations-Bridge-Reporter-Unauthenticated-Command-Injection.html

Details

Source: Mitre, NVD

Published: 2021-02-08

Updated: 2026-06-17

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.9674