Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-11853
HistoryOct 22, 2020 - 9:15 p.m.

CVE-2020-11853

2020-10-2221:15:12
[email protected]
web.nvd.nist.gov
101
4
cve-2020-11853
micro focus
arbitrary code execution
vulnerability
nvd
security
information security

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.837 High

EPSS

Percentile

98.5%

JSON

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.

Affected configurations

NVD
Node
microfocusoperation_bridge_managerRangeโ‰ค10.10
OR
microfocusoperation_bridge_managerMatch10.11
OR
microfocusoperation_bridge_managerMatch10.12
OR
microfocusoperation_bridge_managerMatch10.60
OR
microfocusoperation_bridge_managerMatch10.61
OR
microfocusoperation_bridge_managerMatch10.62
OR
microfocusoperation_bridge_managerMatch10.63
OR
microfocusoperations_bridge_managerMatch2017.11
OR
microfocusoperations_bridge_managerMatch2018.02
OR
microfocusoperations_bridge_managerMatch2018.05
OR
microfocusoperations_bridge_managerMatch2018.08
OR
microfocusoperations_bridge_managerMatch2018.11
OR
microfocusoperations_bridge_managerMatch2019.05
OR
microfocusoperations_bridge_managerMatch2019.08
OR
microfocusoperations_bridge_managerMatch2019.11
OR
microfocusoperations_bridge_managerMatch2020.05
Node
hpuniversal_cmbd_foundationMatch10.20
OR
hpuniversal_cmbd_foundationMatch10.30
OR
hpuniversal_cmbd_foundationMatch10.31
OR
hpuniversal_cmbd_foundationMatch10.32
OR
hpuniversal_cmbd_foundationMatch10.33
OR
hpuniversal_cmbd_foundationMatch11.0
OR
hpuniversal_cmbd_foundationMatch2018.05
OR
hpuniversal_cmbd_foundationMatch2018.08
OR
hpuniversal_cmbd_foundationMatch2018.11
OR
hpuniversal_cmbd_foundationMatch2019.02
OR
hpuniversal_cmbd_foundationMatch2019.05
OR
hpuniversal_cmbd_foundationMatch2019.11
OR
hpuniversal_cmbd_foundationMatch2020.05.
OR
microfocusapplication_performance_managementMatch9.40
OR
microfocusapplication_performance_managementMatch9.50
OR
microfocusapplication_performance_managementMatch9.51
OR
microfocusdata_center_automationRangeโ‰ค2019.11
OR
microfocushybrid_cloud_managementRange2018.05โ€“2020.05
OR
microfocusservice_manager_automationMatch2020.02
OR
microfocusservice_manager_automationMatch2020.05
CPENameOperatorVersion
microfocus:operation_bridge_managermicrofocus operation bridge managerle10.10
microfocus:operation_bridge_managermicrofocus operation bridge managereq10.11
microfocus:operation_bridge_managermicrofocus operation bridge managereq10.12
microfocus:operation_bridge_managermicrofocus operation bridge managereq10.60
microfocus:operation_bridge_managermicrofocus operation bridge managereq10.61
microfocus:operation_bridge_managermicrofocus operation bridge managereq10.62
microfocus:operation_bridge_managermicrofocus operation bridge managereq10.63
microfocus:operations_bridge_managermicrofocus operations bridge managereq2017.11
microfocus:operations_bridge_managermicrofocus operations bridge managereq2018.02
microfocus:operations_bridge_managermicrofocus operations bridge managereq2018.05
Rows per page:
1-10 of 161

CNA Affected

[
  {
    "product": "Operation Bridge Manager ",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2020.5"
      },
      {
        "status": "affected",
        "version": "2019.11"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "lessThanOrEqual": "10.63",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Application Performance Management ",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "9.51"
      },
      {
        "status": "affected",
        "version": "9.50"
      },
      {
        "status": "affected",
        "version": "9.40"
      }
    ]
  },
  {
    "product": "Data Center Automation",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2019.11"
      }
    ]
  },
  {
    "product": "Operations Bridge (containerized)",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2019.11"
      },
      {
        "status": "affected",
        "version": "2019.08"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2018.08"
      },
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "2018.02"
      },
      {
        "status": "affected",
        "version": "2017.11"
      }
    ]
  },
  {
    "product": "Universal CMDB ",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2020.05"
      },
      {
        "status": "affected",
        "version": "2019.11"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2019.02"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2018.08"
      },
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "11.0"
      },
      {
        "status": "affected",
        "version": "10.33"
      },
      {
        "status": "affected",
        "version": "10.32"
      },
      {
        "status": "affected",
        "version": "10.31"
      },
      {
        "status": "affected",
        "version": "10.30"
      }
    ]
  },
  {
    "product": "Hybrid Cloud Management",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "lessThanOrEqual": "2020.05",
        "status": "affected",
        "version": "2018.05",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Service Management Automation ",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2020.05"
      },
      {
        "status": "affected",
        "version": "2020.02"
      }
    ]
  }
]

Social References

More

Related

zdt 2
zdi 40
nuclei 1
packetstorm 2
cvelist 1
prion 1
nvd 1
checkpoint_advisories 1
rapid7blog 2
zdt
zdt
Micro Focus Operations Bridge Manager Remote Code Execution Exploit
2021-02-11 00:00:00
Micro Focus UCMDB Remote Code Execution Exploit
2021-01-28 00:00:00
zdi
zdi
Micro Focus Operations Bridge Manager DiscoveryService Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2020-10-28 00:00:00
Micro Focus Operations Bridge Manager ServiceDiscoveryService Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2020-10-28 00:00:00
Micro Focus Operations Bridge Manager LocationService Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2020-10-28 00:00:00
nuclei
nuclei
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
2021-02-26 12:19:32
packetstorm
packetstorm
Micro Focus Operations Bridge Manager Remote Code Execution
2021-02-10 00:00:00
Micro Focus UCMDB Remote Code Execution
2021-01-28 00:00:00
cvelist
cvelist
CVE-2020-11853 Arbitrary code execution vulnerability on multiple Micro Focus products
2020-10-22 20:37:51
prion
prion
Remote code execution
2020-10-22 21:15:00
nvd
nvd
CVE-2020-11853
2020-10-22 21:15:12
checkpoint_advisories
checkpoint_advisories
Micro Focus UCMDB Remote Code Execution (CVE-2020-11854; CVE-2020-11853)
2021-02-15 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-02-12 19:26:37
Metasploit Wrap-Up
2021-01-29 21:09:49

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.837 High

EPSS

Percentile

98.5%

JSON
Related for CVE-2020-11853
zdt2zdi40nuclei1packetstorm2cvelist1prion1nvd1checkpoint_advisories1rapid7blog2