OpenText Operations Bridge and UCMDB Privilege Escalation Vulnerability

A vulnerability allowing privilege escalation has been identified in OpenText Operations Bridge Manager, Operations Bridge Suite (Containerized), and Universal Configuration Management Database (UCMDB) both Classic and Containerized versions, all through 2021.05. This vulnerability arises from an incorrect use of privileged APIs, which could enable authenticated attackers to elevate user privileges. In the case of UCMDB, this exploitation would occur via the UCMDB SDK API.

Impact

Exploitation of this vulnerability could allow authenticated users to gain elevated privileges, potentially leading to unauthorized access or actions within the application.

Remediation

Users of OpenText Operations Bridge Manager should upgrade to version 2021.11 or later. A defect patch is also available for those unable to upgrade. For OpenText Operations Bridge Suite (Containerized), users should upgrade to version 2021.08 or later. OpenText Universal Discovery and UCMDB users should upgrade to version 2021.11 or later. For UCMDB 2021.02 Containerized, version 2021.08 or later is recommended, and a specific patch is available. UCMDB 2021.05 users should upgrade to version 2021.11 or later, with a patch available for those unable to upgrade.