Micro Focus Operations Agent is a scalable, OS-agnostic software that collects, consolidates, and transfers through smart plug-ins, information on the performance and availability of the system it's installed on. It helps IT operations to proactively monitor infrastructure health and performance. With smart plug-ins, it offers broad management capability for virtual and physical servers, containers, cloud, databases, middleware, and packaged applications.

Micro Focus Operations Agent

Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2021-22505	CRITICAL	9.8	Micro Focus Operations Agent	cpe:2.3:a:microfocus:operations_agent	No	Yes	Apr 13, 2021
CVE-2024-0622	HIGH	7.8	Micro Focus Operations Agent	cpe:2.3:a:microfocus:operations_agent	No	Yes	Feb 15, 2024
CVE-2020-11861	HIGH	7.8	Micro Focus Operations Agent	cpe:2.3:a:microfocus:operations_agent	No	Yes	Sep 18, 2020
CVE-2019-17085	MEDIUM	6.5	Micro Focus Operations Agent	cpe:2.3:a:microfocus:operations_agent	No	Yes	Nov 18, 2019
CVE-2021-38129	LOW	3.3	Micro Focus Operations Agent	cpe:2.3:a:microfocus:operations_agent	No	Yes	Jan 25, 2022

CVE-2021-38129:
Micro Focus Operations Agent vulnerability analysis and mitigation

Overview

Technical details

Impact

Mitigation and workarounds

Additional resources

3.3

Related Micro Focus Operations Agent vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2021-38129: Micro Focus Operations Agent vulnerability analysis and mitigation