{"api_version":"1","generated_at":"2026-04-23T06:44:39+00:00","cve":"CVE-2021-22514","urls":{"html":"https://cve.report/CVE-2021-22514","api":"https://cve.report/api/cve/CVE-2021-22514.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22514","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22514"},"summary":{"title":"CVE-2021-22514","description":"An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.","state":"PUBLIC","assigner":"security@microfocus.com","published_at":"2021-04-28 12:15:00","updated_at":"2023-11-07 03:30:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://softwaresupport.softwaregrp.com/doc/KM03806649","name":"https://softwaresupport.softwaregrp.com/doc/KM03806649","refsource":"MISC","tags":[],"title":"MySupport - Micro Focus Software Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22514","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22514","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"22514","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"application_performance_management","cpe6":"9.40","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22514","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"application_performance_management","cpe6":"9.50","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22514","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"application_performance_management","cpe6":"9.51","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-22514","ASSIGNER":"security@microfocus.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Application Performance Management (APM)","version":{"version_data":[{"version_value":"Micro Focus Application Performance Management 9.40, 9.50 and 9.51"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Arbitrary code execution."}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://softwaresupport.softwaregrp.com/doc/KM03806649","url":"https://softwaresupport.softwaregrp.com/doc/KM03806649"}]},"description":{"description_data":[{"lang":"eng","value":"An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM."}]}},"nvd":{"publishedDate":"2021-04-28 12:15:00","lastModifiedDate":"2023-11-07 03:30:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22514","Ordinal":"197219","Title":"CVE-2021-22514","CVE":"CVE-2021-22514","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22514","Ordinal":"1","NoteData":"An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"22514","Ordinal":"2","NoteData":"2021-04-28","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"22514","Ordinal":"3","NoteData":"2021-04-28","Type":"Other","Title":"Modified"}]}}}