Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-11854

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.

Published

2020-10-27T17:15:12.130

Last Modified

2024-11-21T04:58:45.713

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microfocus	application_performance_management	9.50	Yes
Application	microfocus	application_performance_management	9.51	Yes
Application	microfocus	operations_bridge	2017.11	Yes
Application	microfocus	operations_bridge	2018.02	Yes
Application	microfocus	operations_bridge	2018.05	Yes
Application	microfocus	operations_bridge	2018.08	Yes
Application	microfocus	operations_bridge	2018.11	Yes
Application	microfocus	operations_bridge	2019.05	Yes
Application	microfocus	operations_bridge	2019.08	Yes
Application	microfocus	operations_bridge	2020.05	Yes
Application	microfocus	operations_bridge_manager	≤ 10.10	Yes
Application	microfocus	operations_bridge_manager	10.11	Yes
Application	microfocus	operations_bridge_manager	10.12	Yes
Application	microfocus	operations_bridge_manager	10.60	Yes
Application	microfocus	operations_bridge_manager	10.61	Yes
Application	microfocus	operations_bridge_manager	10.62	Yes
Application	microfocus	operations_bridge_manager	10.63	Yes
Application	microfocus	operations_bridge_manager	2018.05	Yes
Application	microfocus	operations_bridge_manager	2018.11	Yes
Application	microfocus	operations_bridge_manager	2019.05	Yes
Application	microfocus	operations_bridge_manager	2019.11	Yes
Application	microfocus	operations_bridge_manager	2020.05	Yes
Application	microfocus	application_performance_management	9.40	Yes
Application	microfocus	universal_cmdb	10.33	No

References

http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html ([email protected])
https://softwaresupport.softwaregrp.com/doc/KM03747657 ([email protected])
https://softwaresupport.softwaregrp.com/doc/KM03747658 ([email protected])
https://softwaresupport.softwaregrp.com/doc/KM03747854 ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-20-1287/ ([email protected])
http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html (af854a3a-2127-422b-91ae-364da2661108)
https://softwaresupport.softwaregrp.com/doc/KM03747657 (af854a3a-2127-422b-91ae-364da2661108)
https://softwaresupport.softwaregrp.com/doc/KM03747658 (af854a3a-2127-422b-91ae-364da2661108)
https://softwaresupport.softwaregrp.com/doc/KM03747854 (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-20-1287/ (af854a3a-2127-422b-91ae-364da2661108)