CVE-2020-11853

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microfocusCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
microfocusoperation_bridge_manager
𝑥
≤ 10.10
microfocusoperation_bridge_manager
10.11
microfocusoperation_bridge_manager
10.12
microfocusoperation_bridge_manager
10.60
microfocusoperation_bridge_manager
10.61
microfocusoperation_bridge_manager
10.62
microfocusoperation_bridge_manager
10.63
microfocusoperations_bridge_manager
2017.11
microfocusoperations_bridge_manager
2018.02
microfocusoperations_bridge_manager
2018.05
microfocusoperations_bridge_manager
2018.08
microfocusoperations_bridge_manager
2018.11
microfocusoperations_bridge_manager
2019.05
microfocusoperations_bridge_manager
2019.08
microfocusoperations_bridge_manager
2019.11
microfocusoperations_bridge_manager
2020.05
hpuniversal_cmbd_foundation
10.20
hpuniversal_cmbd_foundation
10.30
hpuniversal_cmbd_foundation
10.31
hpuniversal_cmbd_foundation
10.32
hpuniversal_cmbd_foundation
10.33
hpuniversal_cmbd_foundation
11.0
hpuniversal_cmbd_foundation
2018.05
hpuniversal_cmbd_foundation
2018.08
hpuniversal_cmbd_foundation
2018.11
hpuniversal_cmbd_foundation
2019.02
hpuniversal_cmbd_foundation
2019.05
hpuniversal_cmbd_foundation
2019.11
hpuniversal_cmbd_foundation
2020.05.
microfocusapplication_performance_management
9.40
microfocusapplication_performance_management
9.50
microfocusapplication_performance_management
9.51
microfocusdata_center_automation
𝑥
≤ 2019.11
microfocushybrid_cloud_management
2018.05 ≤
𝑥
≤ 2020.05
microfocusservice_manager_automation
2020.02
microfocusservice_manager_automation
2020.05
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html
https://softwaresupport.softwaregrp.com/doc/KM03747657
https://softwaresupport.softwaregrp.com/doc/KM03747658
https://softwaresupport.softwaregrp.com/doc/KM03747854
https://softwaresupport.softwaregrp.com/doc/KM03747948
https://softwaresupport.softwaregrp.com/doc/KM03747949
https://softwaresupport.softwaregrp.com/doc/KM03747950
https://softwaresupport.softwaregrp.com/doc/KM03749879
http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html
https://softwaresupport.softwaregrp.com/doc/KM03747657
https://softwaresupport.softwaregrp.com/doc/KM03747658
https://softwaresupport.softwaregrp.com/doc/KM03747854
https://softwaresupport.softwaregrp.com/doc/KM03747948
https://softwaresupport.softwaregrp.com/doc/KM03747949
https://softwaresupport.softwaregrp.com/doc/KM03747950
https://softwaresupport.softwaregrp.com/doc/KM03749879