Lucene search

MicrofocusCVELIST:CVE-2020-11844

HistoryMay 29, 2020 - 9:15 p.m.

CVE-2020-11844 Incorrect Authorization vulnerability in the Micro Focus Container Deployment Foundation affecting multiple products.

2020-05-2921:15:23

CWE-863

microfocus

www.cve.org

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.3%

JSON

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.

CNA Affected

[
  {
    "product": "Hybrid Cloud Management",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "lessThan": "2019.11",
        "status": "affected",
        "version": "2018.05",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ArcSight Investigate. versions",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2.4.0"
      },
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      }
    ]
  },
  {
    "product": "ArcSight Transformation Hub",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.2.0"
      }
    ]
  },
  {
    "product": "ArcSight Interset",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0"
      }
    ]
  },
  {
    "product": "ArcSight ESM (when ArcSight Fusion",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "7.2.1"
      }
    ]
  },
  {
    "product": "Service Management Automation (SMA)",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "2018.08"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2019.02"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2019.08"
      },
      {
        "status": "affected",
        "version": "2019.11"
      },
      {
        "status": "affected",
        "version": "2020.02"
      }
    ]
  },
  {
    "product": " Operation Bridge Suite (Containerized)",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "2018.08"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2019.02"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2019.8"
      },
      {
        "status": "affected",
        "version": "2019.11"
      }
    ]
  },
  {
    "product": "Network Operation Management",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "lessThanOrEqual": "2019.11",
        "status": "affected",
        "version": "2017.11",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Data Center Automation Containerized",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "2018.08"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2019.02"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2019.08"
      },
      {
        "status": "affected",
        "version": "2019.11"
      }
    ]
  },
  {
    "product": "Identity Intelligence. versions",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "1.1.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "next of 1.1.1",
        "versionType": "custom"
      }
    ]
  }
]

References

softwaresupport.softwaregrp.com/doc/KM03645628

softwaresupport.softwaregrp.com/doc/KM03645629

softwaresupport.softwaregrp.com/doc/KM03645630

softwaresupport.softwaregrp.com/doc/KM03645631

softwaresupport.softwaregrp.com/doc/KM03645636

softwaresupport.softwaregrp.com/doc/KM03645642

support.microfocus.com/kb/doc.php?id=7024637

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.3%

JSON

Related for CVELIST:CVE-2020-11844