CVE-2020-11854

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2020-11854
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://softwaresupport.softwaregrp.com/doc/KM03747658 Vendor Advisory
https://softwaresupport.softwaregrp.com/doc/KM03747657 Vendor Advisory
https://softwaresupport.softwaregrp.com/doc/KM03747854 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1287/ Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2017.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2018.02:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2018.05:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2018.08:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2018.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2019.05:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2019.08:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2020.05:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:10.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:10.12:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:10.60:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:10.61:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:10.62:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:10.63:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:2018.05:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:2018.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:2019.05:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:2019.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:2020.05:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.33:cumulative_update_package_3:*:*:*:*:*:*
Information

Published : 2020-10-27 10:15

Updated : 2022-04-26 09:31

NVD link : CVE-2020-11854

Mitre link : CVE-2020-11854

JSON object : View

CWE
CWE-798

Use of Hard-coded Credentials

Advertisement

dedicated server usa
Products Affected

microfocus

  • operations_bridge_manager
  • operations_bridge
  • universal_cmdb
  • application_performance_management