Lucene search
HistoryOct 28, 2020 - 12:00 a.m.
Micro Focus Operations Bridge Manager DiscoveryService Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2020-10-2800:00:00
Pedro Ribeiro ([email protected] | @pedrib1337) from Agile Information Security
www.zerodayinitiative.com
8
0.837 High
EPSS
Percentile
98.5%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DiscoveryService endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Related
zdt
zdt
Micro Focus Operations Bridge Manager Remote Code Execution Exploit
2021-02-11 00:00:00
Micro Focus UCMDB Remote Code Execution Exploit
2021-01-28 00:00:00
zdi
zdi
nuclei
nuclei
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
2021-02-26 12:19:32
packetstorm
packetstorm
Micro Focus Operations Bridge Manager Remote Code Execution
2021-02-10 00:00:00
Micro Focus UCMDB Remote Code Execution
2021-01-28 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2020-11853
2020-10-22 21:15:12
cve
cve
CVE-2020-11853
2020-10-22 21:15:12
prion
prion
Remote code execution
2020-10-22 21:15:00
checkpoint_advisories
checkpoint_advisories
Micro Focus UCMDB Remote Code Execution (CVE-2020-11854; CVE-2020-11853)
2021-02-15 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-02-12 19:26:37
Metasploit Wrap-Up
2021-01-29 21:09:49