Vulnerability Details : CVE-2021-22508
A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires to be an authenticated administrator of OBR with network access to the OBR web application.
Vulnerability category: Input validation
Products affected by CVE-2021-22508
Please log in to view affected product information.
Exploit prediction scoring system (EPSS) score for CVE-2021-22508
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 9 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-22508
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
OpenText | 2024-05-17 |
CWE ids for CVE-2021-22508
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: security@opentext.com (Secondary)
References for CVE-2021-22508
-
https://support.microfocus.com/kb/kmdoc.php?id=KM03793174
KM03793174 - Operations Bridge Reporter. SQL injection vulnerability, CVE-2021-22508
Jump to