Micro Focus Operations Bridge Manager Local Privilege Escalation
Posted by deepcore on February 16, 2021 – 12:06 pm
This Metasploit module exploits an insecure permission vulnerability on a folder in Micro Focus Operations Bridge Manager. An unprivileged user (such as Guest) can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM server. This will result in automatic code execution as SYSTEM. This module has been tested on OBM 2020.05, but it should work out of the box on earlier versions too.
Post a reply
You must be logged in to post a comment.