Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2021-22502
PUBLISHEDRemote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be...
- Vendor
- Micro Focus
- Product
- Operation Bridge Reporter.
- Published
- Feb 08, 2021
- EPSS
- 94.0% · 100% pctl
Automate this intelligence with the Pro API
Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.
Description
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
Weaknesses (CWE)
-
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitation status
Exploited in the wild
Recorded 2021-11-03 00:00:00 UTC · CISA
Proof of concept available
Recorded 2025-04-28 15:02:08 UTC
References
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA First | 2021-11-03 00:00 UTC |
| The Shadowserver (via CIRCL) | 2026-05-31 00:00 UTC |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/microfocus_obr_cmd_injection.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-22502.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Nuclei
-
Proof of Concept Exploit Available
-
Detected by Metasploit
-
KEV confirmed by The Shadowserver (via CIRCL)