A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://marketplace.microfocus.com/itom/content/operations-bridge-manager-obm-2022-05-hotfixes - | |
References | () https://portal.microfocus.com/s/article/KM000012518?language=en_US - | |
References | () https://portal.microfocus.com/s/article/KM000012517?language=en_US - |
12 Dec 2022, 15:34
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://portal.microfocus.com/s/article/KM000012517?language=en_US - Vendor Advisory | |
References | (MISC) https://marketplace.microfocus.com/itom/content/operations-bridge-manager-obm-2022-05-hotfixes - Product, Vendor Advisory | |
References | (MISC) https://portal.microfocus.com/s/article/KM000012518?language=en_US - Vendor Advisory | |
First Time |
Microfocus
Microfocus operations Bridge Manager Microfocus operations Bridge |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:microfocus:operations_bridge:*:*:*:*:*:*:*:* cpe:2.3:a:microfocus:operations_bridge_manager:*:*:*:*:*:*:*:* |
|
CWE | CWE-79 |
08 Dec 2022, 16:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-08 16:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-38754
Mitre link : CVE-2022-38754
CVE.ORG link : CVE-2022-38754
JSON object : View
Products Affected
microfocus
- operations_bridge
- operations_bridge_manager
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')