CVE-2020-11853 (GCVE-0-2020-11853)

Vulnerability from cvelistv5 – Published: 2020-10-22 20:37 – Updated: 2024-08-04 11:42
VLAI?
Summary
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • Arbitrary code execution
Assigner
References
Impacted products
Vendor Product Version
Micro Focus Operation Bridge Manager Affected: 2020.5
Affected: 2019.11
Affected: 2019.05
Affected: 2018.11
Affected: 2018.05
Affected: unspecified , ≤ 10.63 (custom)
Create a notification for this product.
    Micro Focus Application Performance Management Affected: 9.51
Affected: 9.50
Affected: 9.40
Create a notification for this product.
    Micro Focus Data Center Automation Affected: 2019.11
Create a notification for this product.
    Micro Focus Operations Bridge (containerized) Affected: 2019.11
Affected: 2019.08
Affected: 2019.05
Affected: 2018.11
Affected: 2018.08
Affected: 2018.05
Affected: 2018.02
Affected: 2017.11
Create a notification for this product.
    Micro Focus Universal CMDB Affected: 2020.05
Affected: 2019.11
Affected: 2019.05
Affected: 2019.02
Affected: 2018.11
Affected: 2018.08
Affected: 2018.05
Affected: 11.0
Affected: 10.33
Affected: 10.32
Affected: 10.31
Affected: 10.30
Create a notification for this product.
    Micro Focus Hybrid Cloud Management Affected: 2018.05 , ≤ 2020.05 (custom)
Create a notification for this product.
    Micro Focus Service Management Automation Affected: 2020.05
Affected: 2020.02
Create a notification for this product.
Credits
Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:42:00.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Operation Bridge Manager ",
          "vendor": "Micro Focus ",
          "versions": [
            {
              "status": "affected",
              "version": "2020.5"
            },
            {
              "status": "affected",
              "version": "2019.11"
            },
            {
              "status": "affected",
              "version": "2019.05"
            },
            {
              "status": "affected",
              "version": "2018.11"
            },
            {
              "status": "affected",
              "version": "2018.05"
            },
            {
              "lessThanOrEqual": "10.63",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Application Performance Management ",
          "vendor": "Micro Focus ",
          "versions": [
            {
              "status": "affected",
              "version": "9.51"
            },
            {
              "status": "affected",
              "version": "9.50"
            },
            {
              "status": "affected",
              "version": "9.40"
            }
          ]
        },
        {
          "product": "Data Center Automation",
          "vendor": "Micro Focus ",
          "versions": [
            {
              "status": "affected",
              "version": "2019.11"
            }
          ]
        },
        {
          "product": "Operations Bridge (containerized)",
          "vendor": "Micro Focus ",
          "versions": [
            {
              "status": "affected",
              "version": "2019.11"
            },
            {
              "status": "affected",
              "version": "2019.08"
            },
            {
              "status": "affected",
              "version": "2019.05"
            },
            {
              "status": "affected",
              "version": "2018.11"
            },
            {
              "status": "affected",
              "version": "2018.08"
            },
            {
              "status": "affected",
              "version": "2018.05"
            },
            {
              "status": "affected",
              "version": "2018.02"
            },
            {
              "status": "affected",
              "version": "2017.11"
            }
          ]
        },
        {
          "product": "Universal CMDB ",
          "vendor": "Micro Focus ",
          "versions": [
            {
              "status": "affected",
              "version": "2020.05"
            },
            {
              "status": "affected",
              "version": "2019.11"
            },
            {
              "status": "affected",
              "version": "2019.05"
            },
            {
              "status": "affected",
              "version": "2019.02"
            },
            {
              "status": "affected",
              "version": "2018.11"
            },
            {
              "status": "affected",
              "version": "2018.08"
            },
            {
              "status": "affected",
              "version": "2018.05"
            },
            {
              "status": "affected",
              "version": "11.0"
            },
            {
              "status": "affected",
              "version": "10.33"
            },
            {
              "status": "affected",
              "version": "10.32"
            },
            {
              "status": "affected",
              "version": "10.31"
            },
            {
              "status": "affected",
              "version": "10.30"
            }
          ]
        },
        {
          "product": "Hybrid Cloud Management",
          "vendor": "Micro Focus ",
          "versions": [
            {
              "lessThanOrEqual": "2020.05",
              "status": "affected",
              "version": "2018.05",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Service Management Automation ",
          "vendor": "Micro Focus ",
          "versions": [
            {
              "status": "affected",
              "version": "2020.05"
            },
            {
              "status": "affected",
              "version": "2020.02"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability. "
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-10T16:06:12",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658\nFor Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657\nFor Data Center Automation https://softwaresupport.softwaregrp.com/doc/KM03749879\nFor Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03747949\nFor Universal CMDB https://softwaresupport.softwaregrp.com/doc/KM03747948\nFor Service Management Automation https://softwaresupport.softwaregrp.com/doc/KM03747950"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Arbitrary code execution vulnerability on multiple Micro Focus products ",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2020-11853",
          "STATE": "PUBLIC",
          "TITLE": "Arbitrary code execution vulnerability on multiple Micro Focus products "
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Operation Bridge Manager ",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2020.5"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2019.11"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2019.05"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2018.11"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2018.05"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "10.63"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Application Performance Management ",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "9.51"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.50"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.40"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Data Center Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2019.11"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Operations Bridge (containerized)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2019.11"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2019.08"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2019.05"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2018.11"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2018.08"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2018.05"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2018.02"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2017.11"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Universal CMDB ",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2020.05"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2019.11"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2019.05"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2019.02"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2018.11"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2018.08"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2018.05"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "11.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10.33"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10.32"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10.31"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10.30"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Hybrid Cloud Management",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2018.05",
                            "version_value": "2020.05"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Service Management Automation ",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2020.05"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2020.02"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Micro Focus "
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability. "
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Arbitrary code execution."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://softwaresupport.softwaregrp.com/doc/KM03747658",
              "refsource": "MISC",
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
            },
            {
              "name": "https://softwaresupport.softwaregrp.com/doc/KM03747657",
              "refsource": "MISC",
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
            },
            {
              "name": "https://softwaresupport.softwaregrp.com/doc/KM03747854",
              "refsource": "MISC",
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
            },
            {
              "name": "https://softwaresupport.softwaregrp.com/doc/KM03749879",
              "refsource": "MISC",
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
            },
            {
              "name": "https://softwaresupport.softwaregrp.com/doc/KM03747949",
              "refsource": "MISC",
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
            },
            {
              "name": "https://softwaresupport.softwaregrp.com/doc/KM03747948",
              "refsource": "MISC",
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
            },
            {
              "name": "https://softwaresupport.softwaregrp.com/doc/KM03747950",
              "refsource": "MISC",
              "url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
            },
            {
              "name": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658\nFor Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657\nFor Data Center Automation https://softwaresupport.softwaregrp.com/doc/KM03749879\nFor Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03747949\nFor Universal CMDB https://softwaresupport.softwaregrp.com/doc/KM03747948\nFor Service Management Automation https://softwaresupport.softwaregrp.com/doc/KM03747950"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2020-11853",
    "datePublished": "2020-10-22T20:37:51",
    "dateReserved": "2020-04-16T00:00:00",
    "dateUpdated": "2024-08-04T11:42:00.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operation_bridge_manager:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.10\", \"matchCriteriaId\": \"21BA18A2-15CE-48B7-8F13-8C0476804B3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operation_bridge_manager:10.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D910D663-EE30-4EFF-8558-0B8B709819E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operation_bridge_manager:10.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4D2F315-A890-487D-8EFE-ECA8EAC7FEB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operation_bridge_manager:10.60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBCFB90A-4A8F-4D30-AF04-BBAD86989B1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operation_bridge_manager:10.61:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55B43056-AB61-4F0C-AB94-F90AB31D27F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operation_bridge_manager:10.62:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFF64CB5-6F17-4CCD-A003-1464FE4899C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operation_bridge_manager:10.63:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11500010-6600-4AB0-866C-493387E13761\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operations_bridge_manager:2017.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80D8CF48-8374-4E55-9247-D5A3419FC99D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operations_bridge_manager:2018.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74ACF007-0FD3-4D06-9632-4EC39BAAF32D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operations_bridge_manager:2018.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1A2E37C-69DC-42AC-BE72-475561249F24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operations_bridge_manager:2018.08:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"918B50F0-28E3-4AA7-80F0-EF4288CBD4EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operations_bridge_manager:2018.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F169AF11-4F4D-4A17-8808-8F5E5822D17C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operations_bridge_manager:2019.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65B2691B-246F-4305-943F-392062AD7C9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operations_bridge_manager:2019.08:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89ED30B9-1926-4837-B080-94FD7DDE68D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operations_bridge_manager:2019.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFD9DF2A-E5D3-48DD-8D0A-CD2C333E5354\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:operations_bridge_manager:2020.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F113173-2ECD-4FF6-A664-A9AABFD448CA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:10.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BE51B2D-7DF1-4508-B5A3-032E20A46188\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:10.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D7D80AC-FB54-47A3-81A5-DFB5BB6A15DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:10.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A60D591-60F6-4CE6-9AE3-47BF4CF95AE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:10.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C0BC34-52AB-4F53-A145-F162CB877402\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:10.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA5D2048-E648-4D2A-89F6-2A69873E761F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9079A929-F91A-4884-98B5-E35457299975\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:2018.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"645685F7-B350-4962-B3CC-8BB5DBA23FD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:2018.08:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"043CB83F-534C-4685-89CD-4D64EBB5E827\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:2018.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62B4D5CD-32CD-4C77-B0F5-B141ABC6EF37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:2019.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70541547-BDBC-4208-82AC-B02B4C3A327A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:2019.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BD0E1AD-BF98-4378-8DCA-F9BDB68906BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:2019.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBA36063-7673-400A-A24C-7DBC6E63CDDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:universal_cmbd_foundation:2020.05.:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"699C61B7-FFBB-4CBC-A446-CF5B43E209F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C520D74-D011-4C1E-9429-BA0A38BC0D28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E3938F6-E50A-480B-8219-0B210983525E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C419162B-A41C-49D0-9293-5F10B8A911EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:data_center_automation:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2019.11\", \"matchCriteriaId\": \"3CA6ADC1-7E2E-4550-9E1F-762EFAAE26A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:hybrid_cloud_management:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2018.05\", \"versionEndIncluding\": \"2020.05\", \"matchCriteriaId\": \"48D21D35-C6EC-4EFA-94E1-80AD1FA9275A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:service_manager_automation:2020.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDEA01BB-0446-40CD-999A-BC2B5F4A4AD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:service_manager_automation:2020.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D73BD57-90E9-42BE-9BAD-BA7F3FE252FE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de ejecuci\\u00f3n de c\\u00f3digo arbitrario que afecta a m\\u00faltiples productos de Micro Focus. 1.) Operation Bridge Manager que afecta a las versiones: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versiones 10.6x y 10.1x y versiones anteriores. 2.) Application Performance Management que afecta a las versiones: 9.51, 9.50 y 9.40 con uCMDB 10.33 CUP 3 3.) Data Center Automation que afecta a la versi\\u00f3n 2019.11 4.) Operations Bridge (contenedor) afectando a las versiones: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) CMDB universal que afecta a las versiones: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management que afecta a la versi\\u00f3n 2020.05 7.) Service Management Automation que afecta a la versi\\u00f3n 2020.5 y 2020.02. La vulnerabilidad podr\\u00eda permitir a los atacantes remotos ejecutar c\\u00f3digo arbitrario\"}]",
      "id": "CVE-2020-11853",
      "lastModified": "2024-11-21T04:58:45.563",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@opentext.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-10-22T21:15:12.747",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html\", \"source\": \"security@opentext.com\"}, {\"url\": \"http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03747657\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03747658\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03747854\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03747948\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03747949\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03747950\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03749879\", \"source\": \"security@opentext.com\"}, {\"url\": \"http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03747657\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03747658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03747854\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03747948\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03747949\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03747950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/doc/KM03749879\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@opentext.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-11853\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2020-10-22T21:15:12.747\",\"lastModified\":\"2024-11-21T04:58:45.563\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario que afecta a m\u00faltiples productos de Micro Focus. 1.) Operation Bridge Manager que afecta a las versiones: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versiones 10.6x y 10.1x y versiones anteriores. 2.) Application Performance Management que afecta a las versiones: 9.51, 9.50 y 9.40 con uCMDB 10.33 CUP 3 3.) Data Center Automation que afecta a la versi\u00f3n 2019.11 4.) Operations Bridge (contenedor) afectando a las versiones: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) CMDB universal que afecta a las versiones: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management que afecta a la versi\u00f3n 2020.05 7.) Service Management Automation que afecta a la versi\u00f3n 2020.5 y 2020.02. La vulnerabilidad podr\u00eda permitir a los atacantes remotos ejecutar c\u00f3digo arbitrario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operation_bridge_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.10\",\"matchCriteriaId\":\"21BA18A2-15CE-48B7-8F13-8C0476804B3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operation_bridge_manager:10.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D910D663-EE30-4EFF-8558-0B8B709819E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operation_bridge_manager:10.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4D2F315-A890-487D-8EFE-ECA8EAC7FEB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operation_bridge_manager:10.60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBCFB90A-4A8F-4D30-AF04-BBAD86989B1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operation_bridge_manager:10.61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55B43056-AB61-4F0C-AB94-F90AB31D27F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operation_bridge_manager:10.62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFF64CB5-6F17-4CCD-A003-1464FE4899C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operation_bridge_manager:10.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11500010-6600-4AB0-866C-493387E13761\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge_manager:2017.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80D8CF48-8374-4E55-9247-D5A3419FC99D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge_manager:2018.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74ACF007-0FD3-4D06-9632-4EC39BAAF32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge_manager:2018.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1A2E37C-69DC-42AC-BE72-475561249F24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge_manager:2018.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"918B50F0-28E3-4AA7-80F0-EF4288CBD4EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge_manager:2018.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F169AF11-4F4D-4A17-8808-8F5E5822D17C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge_manager:2019.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65B2691B-246F-4305-943F-392062AD7C9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge_manager:2019.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89ED30B9-1926-4837-B080-94FD7DDE68D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge_manager:2019.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFD9DF2A-E5D3-48DD-8D0A-CD2C333E5354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge_manager:2020.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F113173-2ECD-4FF6-A664-A9AABFD448CA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:10.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BE51B2D-7DF1-4508-B5A3-032E20A46188\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:10.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D7D80AC-FB54-47A3-81A5-DFB5BB6A15DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:10.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A60D591-60F6-4CE6-9AE3-47BF4CF95AE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:10.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C0BC34-52AB-4F53-A145-F162CB877402\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:10.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA5D2048-E648-4D2A-89F6-2A69873E761F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9079A929-F91A-4884-98B5-E35457299975\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:2018.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645685F7-B350-4962-B3CC-8BB5DBA23FD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:2018.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"043CB83F-534C-4685-89CD-4D64EBB5E827\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:2018.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62B4D5CD-32CD-4C77-B0F5-B141ABC6EF37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:2019.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70541547-BDBC-4208-82AC-B02B4C3A327A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:2019.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BD0E1AD-BF98-4378-8DCA-F9BDB68906BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:2019.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBA36063-7673-400A-A24C-7DBC6E63CDDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:universal_cmbd_foundation:2020.05.:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"699C61B7-FFBB-4CBC-A446-CF5B43E209F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C520D74-D011-4C1E-9429-BA0A38BC0D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E3938F6-E50A-480B-8219-0B210983525E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C419162B-A41C-49D0-9293-5F10B8A911EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:data_center_automation:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2019.11\",\"matchCriteriaId\":\"3CA6ADC1-7E2E-4550-9E1F-762EFAAE26A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:hybrid_cloud_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2018.05\",\"versionEndIncluding\":\"2020.05\",\"matchCriteriaId\":\"48D21D35-C6EC-4EFA-94E1-80AD1FA9275A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:service_manager_automation:2020.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDEA01BB-0446-40CD-999A-BC2B5F4A4AD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:service_manager_automation:2020.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D73BD57-90E9-42BE-9BAD-BA7F3FE252FE\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html\",\"source\":\"security@opentext.com\"},{\"url\":\"http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html\",\"source\":\"security@opentext.com\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03747657\",\"source\":\"security@opentext.com\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03747658\",\"source\":\"security@opentext.com\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03747854\",\"source\":\"security@opentext.com\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03747948\",\"source\":\"security@opentext.com\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03747949\",\"source\":\"security@opentext.com\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03747950\",\"source\":\"security@opentext.com\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03749879\",\"source\":\"security@opentext.com\"},{\"url\":\"http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03747657\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03747658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03747854\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03747948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03747949\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03747950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03749879\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.