CVE-2022-26323

Description

Incorrect Use of Privileged APIs vulnerability in OpenText™ Operations Bridge Manager, OpenText™ Operations Bridge Suite (Containerized), OpenText™ UCMDB ( Classic and Containerized) allows Privilege Escalation. The vulnerability could allow authenticated attackers to elevate user privileges. This issue affects Operations Bridge Manager: through 2021.05; Operations Bridge Suite (Containerized): through 2021.05; UCMDB ( Classic and Containerized): through 2021.05.

Weakness Type (CWE)

CWE-648 CWE-648

References

Other References

https://portal.microfocus.com/s/article/KM000039040?language=en_US https://portal.microfocus.com/s/article/KM000039044?language=en_US

Frequently Asked Questions

What is CVE-2022-26323? +

Incorrect Use of Privileged APIs vulnerability in OpenText™ Operations Bridge Manager, OpenText™ Operations Bridge Suite (Containerized), OpenText™ UCMDB ( Classic and Containerized) allows Privilege Escalation. The vulnerability could allow authenticated attackers to elevate user privileges. This issue affects Operations Bridge Manager: through 2021.05; Operations Bridge Suite (Containerized): through 2021.05; UCMDB ( Classic and Containerized): through 2021.05.

How do I check if I'm vulnerable to CVE-2022-26323? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-41329 9.9

OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter …

CVE-2024-11068 9.8

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s …

CVE-2024-8785 9.8

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing …

CVE-2024-37018 9.1

The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken …

CVE-2026-41225 9.1

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create …

CVE-2026-41386 9.1

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and …