CVE-2021-22507
Description
An authentication bypass in Micro Focus Operations Bridge Manager lets remote, unauthenticated attackers gain unauthorized access to the CMDB application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An authentication bypass vulnerability exists in Micro Focus Operations Bridge Manager versions 2019.05, 2019.11, 2020.05, and 2020.10. The flaw allows remote attackers to bypass user authentication and gain unauthorized access to parts of the CMDB application [1]. No authentication or special configuration is needed to reach the vulnerable code path.
Exploitation
An attacker can exploit this vulnerability remotely without any prior authentication, user interaction, or special network position [1]. The attack vector is network-based, with low complexity. No privileges are required, and the exploit does not depend on any race condition or specific timing.
Impact
Successful exploitation results in high impact to confidentiality, integrity, and availability (CVSS 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) [1]. An attacker can gain unauthorized read and write access to the CMDB application, potentially leading to full compromise of the affected system [1].
Mitigation
Micro Focus provides a fix via a patch; see the resolution link in the security bulletin [1]. Users should apply the patch from KM03790766 for their affected version [1]. No workarounds or EOL status are mentioned in the references.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Micro Focus/Operations Bridge Manager
- Range: >=2019.05 <=2020.10
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing or broken authentication logic in Micro Focus Operations Bridge Manager allows remote attackers to bypass user authentication."
Attack vector
An unauthenticated remote attacker can exploit this vulnerability over the network without any privileges or user interaction (CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8) [1]. The attacker sends crafted requests to the Operations Bridge Manager application, bypassing the authentication mechanism to gain unauthorized access to parts of the CMDB application [1].
Affected code
The advisory does not specify the exact functions, files, or code paths at fault. It only identifies the affected product as Micro Focus Operations Bridge Manager versions 2019.05, 2019.11, 2020.05, and 2020.10 [1].
What the fix does
Micro Focus provides a mitigation via a knowledge base article (KM03790766) that resolves the vulnerability for the impacted versions [1]. The advisory does not include a patch diff or describe the specific code changes, so the exact fix mechanism is not detailed in this source.
Preconditions
- auth: No authentication required (PR:N)
- input: No user interaction required (UI:N)
- network: Network access to the Operations Bridge Manager application
Generated on May 29, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. softwaresupport.softwaregrp.com/doc/KM03793283 (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.