CVE-2022-38754 in Operations Bridge Containerized
Summary
by MITRE • 12/08/2022
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run JavaScript in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run JavaScript in the browser context of another OBM user. This issue affects: Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Operations Bridge - Containerized versions prior to 2022.11.
Analysis
by VulDB Data Team • 06/24/2026
This vulnerability represents a critical cross-site scripting flaw in Micro Focus Operations Bridge Manager that enables privilege escalation through session manipulation. The issue stems from inadequate input validation and output encoding mechanisms within the web interface components that handle user interactions. An authenticated attacker with valid OBM credentials can leverage this weakness to inject malicious JavaScript code into the browser context of other legitimate users. The vulnerability specifically impacts versions prior to 2022.11 of both the standalone Operations Bridge Manager and its containerized deployment variant, indicating a widespread exposure across different installation methods. This type of vulnerability falls under CWE-79, which categorizes cross-site scripting flaws as a primary concern for web application security, particularly when user-supplied data is not properly sanitized before being rendered in browser contexts.
The operational impact of this vulnerability extends beyond simple script execution, as it enables a range of malicious activities that can compromise the integrity of the entire OBM environment. When a malicious user successfully injects JavaScript into another user's browser session, they can potentially steal session tokens, redirect users to phishing sites, modify dashboard configurations, or even escalate privileges within the application's access control framework. The attack vector requires authentication but does not necessitate elevated privileges, making it particularly dangerous in environments where multiple users share the same management interface. This vulnerability aligns with ATT&CK technique T1059.007 for JavaScript execution and T1531 for credential access through web application vulnerabilities, creating a pathway for persistent access and data exfiltration.
The technical exploitation of this vulnerability relies on the application's failure to properly sanitize user inputs in contexts where JavaScript execution is possible. When legitimate users interact with the interface, the application processes data without adequate filtering mechanisms that would prevent malicious payloads from being stored and subsequently executed in other users' browsers. This represents a classic server-side vulnerability that manifests client-side through browser-based execution. The affected versions indicate that this flaw existed for an extended period, suggesting that organizations may have been exposed to potential exploitation for months or years.
Organizations should immediately assess their deployment status and implement patch management procedures to address this vulnerability. The recommended mitigation includes upgrading to version 2022.11 or later, which contains proper input validation and output encoding controls that prevent malicious script injection. Additionally, organizations should consider implementing network segmentation, monitoring for unusual user behavior patterns, and conducting regular security assessments to identify similar vulnerabilities in their operational technology environments.
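To assess deployment status against the affected range stated above (versions prior to 2022.11, with the containerized suite in scope only when the OBM capability is deployed), the following is an added example and not code from the vendor or from this page. The inventory records, host names, status labels and the assumption that versions are reported as "YYYY.MM" strings are all constructed for illustration.

```python
import re
from typing import NamedTuple, Optional, Tuple

FIXED = (2022, 11)  # first fixed release named on this page
CONTAINERIZED = "Operations Bridge - Containerized"
OBM = "Operations Bridge Manager"

class Deployment(NamedTuple):
    host: str              # constructed inventory field
    product: str           # one of the two product names above
    version: str           # assumed "YYYY.MM" release string
    obm_capability: bool   # is the OBM capability deployed?

def parse_version(text: str) -> Optional[Tuple[int, int]]:
    """Parse 'YYYY.MM' (optional patch suffix) into (year, month)."""
    m = re.fullmatch(r"\s*(\d{4})\.(\d{1,2})(?:[.\-_ ].*)?", text)
    if not m:
        return None
    year, month = int(m.group(1)), int(m.group(2))
    return (year, month) if 1 <= month <= 12 else None

def triage(d: Deployment) -> str:
    """Classify one deployment against the affected range on this page."""
    if d.product not in (OBM, CONTAINERIZED):
        return "review-manually"
    # The containerized suite is only in scope when OBM is deployed.
    if d.product == CONTAINERIZED and not d.obm_capability:
        return "not-applicable"
    version = parse_version(d.version)
    if version is None:
        return "review-manually"   # unknown numbering: do not guess
    return "affected" if version < FIXED else "fixed"

# Constructed sample inventory (not real hosts).
INVENTORY = [
    Deployment("obm-01", OBM, "2022.05", True),
    Deployment("obm-02", OBM, "2022.11", True),
    Deployment("k8s-01", CONTAINERIZED, "2021.11", False),
    Deployment("k8s-02", CONTAINERIZED, "2022.05", True),
    Deployment("obm-03", OBM, "10.63", True),
]

def report(inventory):
    return {d.host: triage(d) for d in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Version strings that do not match the assumed "YYYY.MM" form are flagged for manual review rather than compared, so an unexpected numbering scheme is never silently reported as fixed.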