Lucene search
HistoryOct 28, 2020 - 12:00 a.m.
Micro Focus Operations Bridge Manager PatternService Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2020-10-2800:00:00
Pedro Ribeiro ([email protected] | @pedrib1337) from Agile Information Security
www.zerodayinitiative.com
14
remote code execution
authentication bypass
patternservice endpoint
data deserialization
system context
EPSS
0.8
Percentile
98.4%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the PatternService endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Related
zdt
zdt
Micro Focus Operations Bridge Manager Remote Code Execution Exploit
2021-02-11 00:00:00
Micro Focus UCMDB Remote Code Execution Exploit
2021-01-28 00:00:00
metasploit
metasploit
Micro Focus Operations Bridge Manager Authenticated Remote Code Execution
2021-01-28 11:21:51
Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution
2021-01-24 15:25:45
nuclei
nuclei
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
2021-02-26 12:19:32
zdi
zdi
cvelist
cvelist
packetstorm
packetstorm
Micro Focus Operations Bridge Manager Remote Code Execution
2021-02-10 00:00:00
Micro Focus UCMDB Remote Code Execution
2021-01-28 00:00:00
prion
prion
Remote code execution
2020-10-22 21:15:00
nvd
nvd
CVE-2020-11853
2020-10-22 21:15:12
cve
cve
CVE-2020-11853
2020-10-22 21:15:12
checkpoint_advisories
checkpoint_advisories
Micro Focus UCMDB Remote Code Execution (CVE-2020-11854; CVE-2020-11853)
2021-02-15 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-02-12 19:26:37
Metasploit Wrap-Up
2021-01-29 21:09:49