Vulnerabilites related to microfocus - application_performance_management
cve-2021-22499
Vulnerability from cvelistv5
Published
2021-02-06 00:56
Modified
2024-08-03 18:44
Severity ?
EPSS score ?
Summary
Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03775253 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Application Performance Management. |
Version: 9.40 Version: 9.50 Version: 9.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03775253"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Application Performance Management.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Persistent Cross-Site scripting.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-06T00:56:50",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03775253"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Application Performance Management.",
"version": {
"version_data": [
{
"version_value": "9.40"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Persistent Cross-Site scripting."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03775253",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03775253"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22499",
"datePublished": "2021-02-06T00:56:50",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:14.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11853
Vulnerability from cvelistv5
Published
2020-10-22 20:37
Modified
2024-08-04 11:42
Severity ?
EPSS score ?
Summary
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03747658 | x_refsource_MISC | |
| https://softwaresupport.softwaregrp.com/doc/KM03747657 | x_refsource_MISC | |
| https://softwaresupport.softwaregrp.com/doc/KM03747854 | x_refsource_MISC | |
| https://softwaresupport.softwaregrp.com/doc/KM03749879 | x_refsource_MISC | |
| https://softwaresupport.softwaregrp.com/doc/KM03747949 | x_refsource_MISC | |
| https://softwaresupport.softwaregrp.com/doc/KM03747948 | x_refsource_MISC | |
| https://softwaresupport.softwaregrp.com/doc/KM03747950 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Micro Focus | Operation Bridge Manager |
Version: 2020.5 Version: 2019.11 Version: 2019.05 Version: 2018.11 Version: 2018.05 Version: unspecified < |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operation Bridge Manager ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.5"
},
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.05"
},
{
"lessThanOrEqual": "10.63",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Application Performance Management ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.40"
}
]
},
{
"product": "Data Center Automation",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2019.11"
}
]
},
{
"product": "Operations Bridge (containerized)",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.08"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.08"
},
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "2018.02"
},
{
"status": "affected",
"version": "2017.11"
}
]
},
{
"product": "Universal CMDB ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.05"
},
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2019.02"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.08"
},
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "10.33"
},
{
"status": "affected",
"version": "10.32"
},
{
"status": "affected",
"version": "10.31"
},
{
"status": "affected",
"version": "10.30"
}
]
},
{
"product": "Hybrid Cloud Management",
"vendor": "Micro Focus ",
"versions": [
{
"lessThanOrEqual": "2020.05",
"status": "affected",
"version": "2018.05",
"versionType": "custom"
}
]
},
{
"product": "Service Management Automation ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.05"
},
{
"status": "affected",
"version": "2020.02"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability. "
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
}
],
"exploits": [
{
"lang": "en",
"value": "Arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-10T16:06:12",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
],
"solutions": [
{
"lang": "en",
"value": "For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658\nFor Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657\nFor Data Center Automation https://softwaresupport.softwaregrp.com/doc/KM03749879\nFor Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03747949\nFor Universal CMDB https://softwaresupport.softwaregrp.com/doc/KM03747948\nFor Service Management Automation https://softwaresupport.softwaregrp.com/doc/KM03747950"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary code execution vulnerability on multiple Micro Focus products ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11853",
"STATE": "PUBLIC",
"TITLE": "Arbitrary code execution vulnerability on multiple Micro Focus products "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operation Bridge Manager ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.5"
},
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "\u003c=",
"version_value": "10.63"
}
]
}
},
{
"product_name": "Application Performance Management ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.51"
},
{
"version_affected": "=",
"version_value": "9.50"
},
{
"version_affected": "=",
"version_value": "9.40"
}
]
}
},
{
"product_name": "Data Center Automation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2019.11"
}
]
}
},
{
"product_name": "Operations Bridge (containerized)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.08"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.08"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "=",
"version_value": "2018.02"
},
{
"version_affected": "=",
"version_value": "2017.11"
}
]
}
},
{
"product_name": "Universal CMDB ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.05"
},
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2019.02"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.08"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "=",
"version_value": "11.0"
},
{
"version_affected": "=",
"version_value": "10.33"
},
{
"version_affected": "=",
"version_value": "10.32"
},
{
"version_affected": "=",
"version_value": "10.31"
},
{
"version_affected": "=",
"version_value": "10.30"
}
]
}
},
{
"product_name": "Hybrid Cloud Management",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2018.05",
"version_value": "2020.05"
}
]
}
},
{
"product_name": "Service Management Automation ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.05"
},
{
"version_affected": "=",
"version_value": "2020.02"
}
]
}
}
]
},
"vendor_name": "Micro Focus "
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Arbitrary code execution."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747658",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747657",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747854",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03749879",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747949",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747948",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747950",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"name": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658\nFor Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657\nFor Data Center Automation https://softwaresupport.softwaregrp.com/doc/KM03749879\nFor Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03747949\nFor Universal CMDB https://softwaresupport.softwaregrp.com/doc/KM03747948\nFor Service Management Automation https://softwaresupport.softwaregrp.com/doc/KM03747950"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11853",
"datePublished": "2020-10-22T20:37:51",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11854
Vulnerability from cvelistv5
Published
2020-10-27 16:29
Modified
2024-08-04 11:42
Severity ?
EPSS score ?
Summary
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03747658 | x_refsource_MISC | |
| https://softwaresupport.softwaregrp.com/doc/KM03747657 | x_refsource_MISC | |
| https://softwaresupport.softwaregrp.com/doc/KM03747854 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-1287/ | x_refsource_MISC | |
| http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Micro Focus | Application Performance Management |
Version: 9.51 Version: 9.50 Version: 9.40 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1287/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Application Performance Management ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.40"
}
]
},
{
"product": "Operation Bridge (containerized)",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.05"
},
{
"status": "affected",
"version": "2019.08"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.08"
},
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "2018.02"
},
{
"status": "affected",
"version": "2017.11"
}
]
},
{
"product": "Operation Bridge Manager",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.05"
},
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "10.63"
},
{
"status": "affected",
"version": "10.62"
},
{
"status": "affected",
"version": "10.61"
},
{
"status": "affected",
"version": "10.60"
},
{
"status": "affected",
"version": "10.12"
},
{
"status": "affected",
"version": "10.11"
},
{
"lessThanOrEqual": "10.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability"
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution."
}
],
"exploits": [
{
"lang": "en",
"value": "Arbitrary code execution. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-28T15:06:08",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1287/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
}
],
"solutions": [
{
"lang": "en",
"value": "For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658\nFor Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854\nFor Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11854",
"STATE": "PUBLIC",
"TITLE": "Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Application Performance Management ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.51"
},
{
"version_affected": "=",
"version_value": "9.50"
},
{
"version_affected": "=",
"version_value": "9.40"
}
]
}
},
{
"product_name": "Operation Bridge (containerized)",
"version": {
"version_data": [
{
"version_value": "2020.05"
},
{
"version_value": "2019.08"
},
{
"version_value": "2019.05"
},
{
"version_value": "2018.11"
},
{
"version_value": "2018.08"
},
{
"version_value": "2018.05"
},
{
"version_value": "2018.02"
},
{
"version_value": "2017.11"
}
]
}
},
{
"product_name": "Operation Bridge Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.05"
},
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "=",
"version_value": "10.63"
},
{
"version_affected": "=",
"version_value": "10.62"
},
{
"version_affected": "=",
"version_value": "10.61"
},
{
"version_affected": "=",
"version_value": "10.60"
},
{
"version_affected": "=",
"version_value": "10.12"
},
{
"version_affected": "=",
"version_value": "10.11"
},
{
"version_affected": "\u003c=",
"version_value": "10.10"
}
]
}
}
]
},
"vendor_name": "Micro Focus "
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Arbitrary code execution. "
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747658",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747657",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747854",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1287/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1287/"
},
{
"name": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658\nFor Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854\nFor Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11854",
"datePublished": "2020-10-27T16:29:44",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22514
Vulnerability from cvelistv5
Published
2021-04-28 11:06
Modified
2024-08-03 18:44
Severity ?
EPSS score ?
Summary
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.
References
| ▼ | URL | Tags |
|---|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03806649 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Application Performance Management (APM) |
Version: Micro Focus Application Performance Management 9.40, 9.50 and 9.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:13.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03806649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Application Performance Management (APM)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Micro Focus Application Performance Management 9.40, 9.50 and 9.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T11:06:28",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03806649"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Application Performance Management (APM)",
"version": {
"version_data": [
{
"version_value": "Micro Focus Application Performance Management 9.40, 9.50 and 9.51"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03806649",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03806649"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22514",
"datePublished": "2021-04-28T11:06:28",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:13.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22500
Vulnerability from cvelistv5
Published
2021-02-06 01:03
Modified
2024-08-03 18:44
Severity ?
EPSS score ?
Summary
Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03775253 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Application Performance Management |
Version: 9.40, 9.50, 9.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03775253"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Application Performance Management",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.40, 9.50, 9.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker\u0027s choosing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Request Forgery.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-06T01:03:04",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03775253"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Application Performance Management",
"version": {
"version_data": [
{
"version_value": "9.40, 9.50, 9.51"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker\u0027s choosing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Request Forgery."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03775253",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03775253"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22500",
"datePublished": "2021-02-06T01:03:04",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:14.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-04-28 12:15
Modified
2024-11-21 05:50
Severity ?
Summary
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | application_performance_management | 9.40 | |
| microfocus | application_performance_management | 9.50 | |
| microfocus | application_performance_management | 9.51 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*",
"matchCriteriaId": "3C520D74-D011-4C1E-9429-BA0A38BC0D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3938F6-E50A-480B-8219-0B210983525E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "C419162B-A41C-49D0-9293-5F10B8A911EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en Micro Focus Application Performance Management, que afecta a versiones 9.40, 9.50 y 9.51.\u0026#xa0;La vulnerabilidad podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de APM"
}
],
"id": "CVE-2021-22514",
"lastModified": "2024-11-21T05:50:15.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-28T12:15:08.317",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03806649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03806649"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-06 01:15
Modified
2024-11-21 05:50
Severity ?
Summary
Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | application_performance_management | 9.40 | |
| microfocus | application_performance_management | 9.50 | |
| microfocus | application_performance_management | 9.51 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*",
"matchCriteriaId": "3C520D74-D011-4C1E-9429-BA0A38BC0D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3938F6-E50A-480B-8219-0B210983525E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "C419162B-A41C-49D0-9293-5F10B8A911EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-Site scripting persistente en el producto Micro Focus Application Performance Management, afecta a versiones 9.40, 9.50 y 9.51.\u0026#xa0;La vulnerabilidad podr\u00eda permitir un ataque de tipo XSS persistente"
}
],
"id": "CVE-2021-22499",
"lastModified": "2024-11-21T05:50:13.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-06T01:15:13.917",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03775253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03775253"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-06 02:15
Modified
2024-11-21 05:50
Severity ?
Summary
Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | application_performance_management | 9.40 | |
| microfocus | application_performance_management | 9.50 | |
| microfocus | application_performance_management | 9.51 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*",
"matchCriteriaId": "3C520D74-D011-4C1E-9429-BA0A38BC0D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3938F6-E50A-480B-8219-0B210983525E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "C419162B-A41C-49D0-9293-5F10B8A911EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker\u0027s choosing."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross Site Request Forgery en el producto Micro Focus Application Performance Management, afectando a versiones 9.40, 9.50 y 9.51.\u0026#xa0;La vulnerabilidad podr\u00eda ser explotada por un atacante para enga\u00f1ar a usuarios a que ejecuten acciones de su elecci\u00f3n"
}
],
"id": "CVE-2021-22500",
"lastModified": "2024-11-21T05:50:14.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-06T02:15:12.743",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03775253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03775253"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-27 17:15
Modified
2024-11-21 04:58
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3938F6-E50A-480B-8219-0B210983525E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "C419162B-A41C-49D0-9293-5F10B8A911EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge:2017.11:*:*:*:*:*:*:*",
"matchCriteriaId": "22CE2A4E-D42B-47F7-BFC1-EA498795D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge:2018.02:*:*:*:*:*:*:*",
"matchCriteriaId": "88D1F756-6699-4046-AC9F-FED971A26B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge:2018.05:*:*:*:*:*:*:*",
"matchCriteriaId": "68B8CDAA-33CF-4B9D-954B-1976160A1A76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge:2018.08:*:*:*:*:*:*:*",
"matchCriteriaId": "5C945B57-F9CB-4282-9D0E-F552B8AD1AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge:2018.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7939DB7E-484A-477F-A303-BD5B1EF9BD4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge:2019.05:*:*:*:*:*:*:*",
"matchCriteriaId": "6212937A-A038-41B6-929E-F8A1C2DB41A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge:2019.08:*:*:*:*:*:*:*",
"matchCriteriaId": "A28436C6-6A21-4A1D-A1E0-C4F224DB669A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge:2020.05:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F4EB07-6B54-4EB1-9C47-7D42BADA6C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95F47B66-7FAD-44C9-9C8C-8DD785F4B297",
"versionEndIncluding": "10.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1E38A260-424C-4B73-A502-75394F64AEAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0B3E96-BEE7-4F04-8FB7-633C42DEBEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:10.60:*:*:*:*:*:*:*",
"matchCriteriaId": "1DEC1A77-DFF5-4E35-BD25-9ED3EEC77702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:10.61:*:*:*:*:*:*:*",
"matchCriteriaId": "9328132A-CB29-4252-B0DE-32E1AE402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:10.62:*:*:*:*:*:*:*",
"matchCriteriaId": "6C163191-6D2E-4403-B416-ED29174B5781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:10.63:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C552EF-2ADA-4293-8DA6-8EFF201FD2E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2018.05:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A2E37C-69DC-42AC-BE72-475561249F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2018.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F169AF11-4F4D-4A17-8808-8F5E5822D17C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2019.05:*:*:*:*:*:*:*",
"matchCriteriaId": "65B2691B-246F-4305-943F-392062AD7C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2019.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CFD9DF2A-E5D3-48DD-8D0A-CD2C333E5354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2020.05:*:*:*:*:*:*:*",
"matchCriteriaId": "5F113173-2ECD-4FF6-A664-A9AABFD448CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*",
"matchCriteriaId": "3C520D74-D011-4C1E-9429-BA0A38BC0D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:universal_cmdb:10.33:cumulative_update_package_3:*:*:*:*:*:*",
"matchCriteriaId": "B7648EAC-3790-4C80-AC6B-70C3745F52AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitraria en Operation Bridge Manager, Application Performance Management y Operations Bridge (en contenedores). Vulnerabilidad en los productos Micro Focus Operation Bridge Manager, Operation Bridge (containerized) y Application Performance Management.\u0026#xa0;La vulnerabilidad afecta: 1.) Operation Bridge Manager versiones 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 y todas las versiones anteriores.\u0026#xa0;2.) Operations Bridge (en contenedores) versiones: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05.\u0026#xa0;2018.02 y 2017.11.\u0026#xa0;3.) Application Performance Management versiones: 9,51, 9.50 y 9.40 con uCMDB versi\u00f3n 10.33 CUP 3. La vulnerabilidad podr\u00eda permitir una ejecuci\u00f3n de c\u00f3digo Arbitraria"
}
],
"id": "CVE-2020-11854",
"lastModified": "2024-11-21T04:58:45.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-27T17:15:12.130",
"references": [
{
"source": "security@opentext.com",
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"source": "security@opentext.com",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1287/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1287/"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 04:58
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:operation_bridge_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21BA18A2-15CE-48B7-8F13-8C0476804B3B",
"versionEndIncluding": "10.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operation_bridge_manager:10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D910D663-EE30-4EFF-8558-0B8B709819E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operation_bridge_manager:10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D2F315-A890-487D-8EFE-ECA8EAC7FEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operation_bridge_manager:10.60:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCFB90A-4A8F-4D30-AF04-BBAD86989B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operation_bridge_manager:10.61:*:*:*:*:*:*:*",
"matchCriteriaId": "55B43056-AB61-4F0C-AB94-F90AB31D27F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operation_bridge_manager:10.62:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF64CB5-6F17-4CCD-A003-1464FE4899C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operation_bridge_manager:10.63:*:*:*:*:*:*:*",
"matchCriteriaId": "11500010-6600-4AB0-866C-493387E13761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2017.11:*:*:*:*:*:*:*",
"matchCriteriaId": "80D8CF48-8374-4E55-9247-D5A3419FC99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2018.02:*:*:*:*:*:*:*",
"matchCriteriaId": "74ACF007-0FD3-4D06-9632-4EC39BAAF32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2018.05:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A2E37C-69DC-42AC-BE72-475561249F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2018.08:*:*:*:*:*:*:*",
"matchCriteriaId": "918B50F0-28E3-4AA7-80F0-EF4288CBD4EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2018.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F169AF11-4F4D-4A17-8808-8F5E5822D17C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2019.05:*:*:*:*:*:*:*",
"matchCriteriaId": "65B2691B-246F-4305-943F-392062AD7C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2019.08:*:*:*:*:*:*:*",
"matchCriteriaId": "89ED30B9-1926-4837-B080-94FD7DDE68D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2019.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CFD9DF2A-E5D3-48DD-8D0A-CD2C333E5354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_bridge_manager:2020.05:*:*:*:*:*:*:*",
"matchCriteriaId": "5F113173-2ECD-4FF6-A664-A9AABFD448CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE51B2D-7DF1-4508-B5A3-032E20A46188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7D80AC-FB54-47A3-81A5-DFB5BB6A15DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:10.31:*:*:*:*:*:*:*",
"matchCriteriaId": "3A60D591-60F6-4CE6-9AE3-47BF4CF95AE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:10.32:*:*:*:*:*:*:*",
"matchCriteriaId": "33C0BC34-52AB-4F53-A145-F162CB877402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:10.33:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5D2048-E648-4D2A-89F6-2A69873E761F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9079A929-F91A-4884-98B5-E35457299975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:2018.05:*:*:*:*:*:*:*",
"matchCriteriaId": "645685F7-B350-4962-B3CC-8BB5DBA23FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:2018.08:*:*:*:*:*:*:*",
"matchCriteriaId": "043CB83F-534C-4685-89CD-4D64EBB5E827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:2018.11:*:*:*:*:*:*:*",
"matchCriteriaId": "62B4D5CD-32CD-4C77-B0F5-B141ABC6EF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:2019.02:*:*:*:*:*:*:*",
"matchCriteriaId": "70541547-BDBC-4208-82AC-B02B4C3A327A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:2019.05:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD0E1AD-BF98-4378-8DCA-F9BDB68906BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:2019.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA36063-7673-400A-A24C-7DBC6E63CDDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hp:universal_cmbd_foundation:2020.05.:*:*:*:*:*:*:*",
"matchCriteriaId": "699C61B7-FFBB-4CBC-A446-CF5B43E209F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*",
"matchCriteriaId": "3C520D74-D011-4C1E-9429-BA0A38BC0D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3938F6-E50A-480B-8219-0B210983525E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*",
"matchCriteriaId": "C419162B-A41C-49D0-9293-5F10B8A911EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_center_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA6ADC1-7E2E-4550-9E1F-762EFAAE26A2",
"versionEndIncluding": "2019.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:hybrid_cloud_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48D21D35-C6EC-4EFA-94E1-80AD1FA9275A",
"versionEndIncluding": "2020.05",
"versionStartIncluding": "2018.05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:service_manager_automation:2020.02:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEA01BB-0446-40CD-999A-BC2B5F4A4AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:service_manager_automation:2020.05:*:*:*:*:*:*:*",
"matchCriteriaId": "1D73BD57-90E9-42BE-9BAD-BA7F3FE252FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario que afecta a m\u00faltiples productos de Micro Focus. 1.) Operation Bridge Manager que afecta a las versiones: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versiones 10.6x y 10.1x y versiones anteriores. 2.) Application Performance Management que afecta a las versiones: 9.51, 9.50 y 9.40 con uCMDB 10.33 CUP 3 3.) Data Center Automation que afecta a la versi\u00f3n 2019.11 4.) Operations Bridge (contenedor) afectando a las versiones: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) CMDB universal que afecta a las versiones: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management que afecta a la versi\u00f3n 2020.05 7.) Service Management Automation que afecta a la versi\u00f3n 2020.5 y 2020.02. La vulnerabilidad podr\u00eda permitir a los atacantes remotos ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2020-11853",
"lastModified": "2024-11-21T04:58:45.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-22T21:15:12.747",
"references": [
{
"source": "security@opentext.com",
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"source": "security@opentext.com",
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}