CVE-2021-38125

moderate-risk
Published 2022-04-11

Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution.

Do I need to act?

~
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Operations Bridge
Operations Bridge

Affected Vendors

Microfocus

References (2)

https://portal.microfocus.com/s/article/KM000005303?language=en_US
https://portal.microfocus.com/s/article/KM000005303?language=en_US
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 4/34 · Minimal
Exposure 7/34 · Low