CVE-2022-38754 - Micro Focus Operations Bridge Manager and OpsBridge Containerized - Cross Site Scripting (XSS)
CVE-2022-38754

8HIGH

Key Information:

Vendor: Micro Focus
Status: Micro Focus Operations Bridge Manager; Micro Focus Operations Bridge- Containerized
Vendor: CVE Published:; 8 December 2022

🔔 Create Micro Focus Vulnerability Alert

What is CVE-2022-38754?

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11.

Affected Version(s)

Micro Focus Operations Bridge Manager < 2022.11

Micro Focus Operations Bridge- Containerized < 2022.11

References

https://portal.microfocus.com/s/article/KM000012517?langu...

https://portal.microfocus.com/s/article/KM000012518?langu...

https://marketplace.microfocus.com/itom/content/operation...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2022
Vulnerability Reserved
Aug 25, 2022

Credit

Micro Focus would like to thank Adam Silviu for discovering and reporting the vulnerability.