Rapid7 Vulnerability & Exploit Database

Micro Focus Operations Bridge Manager Authenticated Remote Code Execution

Back to Search

Micro Focus Operations Bridge Manager Authenticated Remote Code Execution



This module exploits an authenticated Java deserialization that affects a truckload of Micro Focus products: Operations Bridge Manager, Application Performance Management, Data Center Automation, Universal CMDB, Hybrid Cloud Management and Service Management Automation. However this module was only tested on Operations Bridge Manager. Exploiting this vulnerability will result in remote code execution as the root user on Linux or the SYSTEM user on Windows. Authentication is required, the module user needs to login to the application and obtain the authenticated LWSSO_COOKIE_KEY, which should be fed to the module. Any authenticated user can exploit this vulnerability, even the lowest privileged ones. For more information refer to the advisory link below.


  • Pedro Ribeiro <pedrib@gmail.com>






Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/http/microfocus_obm_auth_rce
msf exploit(microfocus_obm_auth_rce) > show targets
msf exploit(microfocus_obm_auth_rce) > set TARGET < target-id >
msf exploit(microfocus_obm_auth_rce) > show options
    ...show and set options...
msf exploit(microfocus_obm_auth_rce) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security