CVE-2022-38754Cross-site Scripting in Focus Operations Bridge Containerized

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
CNA8.0
EPSS
0.4%
top 41.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Micro Focus Operations Bridge ContainerizedMicro Focus Operations Bridge ManagerMicrofocus Operations Bridge+1 more
Timeline
PublishedDec 8

Description

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

CVEListV5micro_focus/micro_focus_operations_bridge_managerunspecified2022.11

🔴Vulnerability Details

2
GHSA
GHSA-cfjr-rrx2-8rp9: A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized2022-12-08
CVEList
CVE-2022-38754 - Micro Focus Operations Bridge Manager and OpsBridge Containerized - Cross Site Scripting (XSS)2022-12-08
CVE-2022-38754 — Cross-site Scripting | cvebase