Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiPedro Ribeiro ([email protected] | @pedrib1337) from Agile Information SecurityZDI-20-1324
HistoryOct 28, 2020 - 12:00 a.m.

Micro Focus Operations Bridge Manager LicensingService Deserialization Of Untrusted Data Remote Code Execution Vulnerability

2020-10-2800:00:00
Pedro Ribeiro ([email protected] | @pedrib1337) from Agile Information Security
www.zerodayinitiative.com
18
remote code execution
micro focus operations bridge manager
authentication bypass
licensingservice endpoint
untrusted data deserialization
system context

EPSS

0.8

Percentile

98.4%

JSON

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the LicensingService endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.

Related

zdt 2
metasploit 2
nuclei 1
zdi 39
prion 1
cvelist 1
packetstorm 2
nvd 1
cve 1
checkpoint_advisories 1
rapid7blog 2
zdt
zdt
Micro Focus Operations Bridge Manager Remote Code Execution Exploit
2021-02-11 00:00:00
Micro Focus UCMDB Remote Code Execution Exploit
2021-01-28 00:00:00
metasploit
metasploit
Micro Focus Operations Bridge Manager Authenticated Remote Code Execution
2021-01-28 11:21:51
Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution
2021-01-24 15:25:45
nuclei
nuclei
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
2021-02-26 12:19:32
zdi
zdi
Micro Focus Operations Bridge Manager PatternService Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2020-10-28 00:00:00
Micro Focus Operations Bridge Manager LocationService Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2020-10-28 00:00:00
Micro Focus Operations Bridge Manager ServiceDiscoveryService Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2020-10-28 00:00:00
prion
prion
Remote code execution
2020-10-22 21:15:00
cvelist
cvelist
CVE-2020-11853 Arbitrary code execution vulnerability on multiple Micro Focus products
2020-10-22 20:37:51
packetstorm
packetstorm
Micro Focus Operations Bridge Manager Remote Code Execution
2021-02-10 00:00:00
Micro Focus UCMDB Remote Code Execution
2021-01-28 00:00:00
nvd
nvd
CVE-2020-11853
2020-10-22 21:15:12
cve
cve
CVE-2020-11853
2020-10-22 21:15:12
checkpoint_advisories
checkpoint_advisories
Micro Focus UCMDB Remote Code Execution (CVE-2020-11854; CVE-2020-11853)
2021-02-15 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-02-12 19:26:37
Metasploit Wrap-Up
2021-01-29 21:09:49

EPSS

0.8

Percentile

98.4%

JSON
Related for ZDI-20-1324
zdt2metasploit2nuclei1zdi39prion1cvelist1packetstorm2nvd1cve1checkpoint_advisories1rapid7blog2