Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-99J9-W4CP-4529
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI?
Details
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
{
"affected": [],
"aliases": [
"CVE-2020-11844"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-29T22:15:00Z",
"severity": "HIGH"
},
"details": "There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.",
"id": "GHSA-99j9-w4cp-4529",
"modified": "2022-05-24T17:18:54Z",
"published": "2022-05-24T17:18:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11844"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645628"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645629"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645630"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645631"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645636"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645642"
},
{
"type": "WEB",
"url": "https://support.microfocus.com/kb/doc.php?id=7024637"
}
],
"schema_version": "1.4.0",
"severity": []
}
CVE-2020-11844 (GCVE-0-2020-11844)
Vulnerability from cvelistv5 – Published: 2020-05-29 21:15 – Updated: 2024-08-04 11:42
VLAI?
EPSS
Summary
Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
Severity ?
10 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Micro Focus | Hybrid Cloud Management |
Affected:
2018.05 , < 2019.11
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645631"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645630"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7024637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hybrid Cloud Management",
"vendor": "Micro Focus ",
"versions": [
{
"lessThan": "2019.11",
"status": "affected",
"version": "2018.05",
"versionType": "custom"
}
]
},
{
"product": "ArcSight Investigate. versions",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.1.0"
}
]
},
{
"product": "ArcSight Transformation Hub",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.2.0"
}
]
},
{
"product": "ArcSight Interset",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
]
},
{
"product": "ArcSight ESM (when ArcSight Fusion",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "7.2.1"
}
]
},
{
"product": "Service Management Automation (SMA)",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "2018.08"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2019.02"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2019.08"
},
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2020.02"
}
]
},
{
"product": " Operation Bridge Suite (Containerized)",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "2018.08"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2019.02"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2019.8"
},
{
"status": "affected",
"version": "2019.11"
}
]
},
{
"product": "Network Operation Management",
"vendor": "Micro Focus ",
"versions": [
{
"lessThanOrEqual": "2019.11",
"status": "affected",
"version": "2017.11",
"versionType": "custom"
}
]
},
{
"product": "Data Center Automation Containerized",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "2018.08"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2019.02"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2019.08"
},
{
"status": "affected",
"version": "2019.11"
}
]
},
{
"product": "Identity Intelligence. versions",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "1.1.0"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "next of 1.1.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation."
}
],
"exploits": [
{
"lang": "en",
"value": "CWE-863 Incorrect Authorization"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:54",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645631"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645630"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7024637"
}
],
"solutions": [
{
"lang": "en",
"value": "For Data Center Automation Containerized https://softwaresupport.softwaregrp.com/doc/KM03645628\nFor Network Operation Management https://softwaresupport.softwaregrp.com/doc/KM03645629\nFor Operation Bridge Suite https://softwaresupport.softwaregrp.com/doc/KM03645630\nFor SMA https://softwaresupport.softwaregrp.com/doc/KM03645631\nFor ArcSight apps https://softwaresupport.softwaregrp.com/doc/KM03645642\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03645636\nFor Identity Intelligence https://support.microfocus.com/kb/doc.php?id=7024637\" } ] }"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Incorrect Authorization vulnerability in the Micro Focus Container Deployment Foundation affecting multiple products.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11844",
"STATE": "PUBLIC",
"TITLE": "Incorrect Authorization vulnerability in the Micro Focus Container Deployment Foundation affecting multiple products."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hybrid Cloud Management",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2018.05",
"version_value": "2019.11"
}
]
}
},
{
"product_name": "ArcSight Investigate. versions",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.4.0"
},
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.0"
}
]
}
},
{
"product_name": "ArcSight Transformation Hub",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.2.0"
}
]
}
},
{
"product_name": "ArcSight Interset",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0.0"
}
]
}
},
{
"product_name": "ArcSight ESM (when ArcSight Fusion",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.2.1"
}
]
}
},
{
"product_name": "Service Management Automation (SMA)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "=",
"version_value": "2018.08"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2019.02"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2019.08"
},
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2020.02"
}
]
}
},
{
"product_name": " Operation Bridge Suite (Containerized)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "=",
"version_value": "2018.08"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2019.02"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2019.8"
},
{
"version_affected": "=",
"version_value": "2019.11"
}
]
}
},
{
"product_name": "Network Operation Management",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2017.11",
"version_value": "2019.11"
}
]
}
},
{
"product_name": "Data Center Automation Containerized",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "=",
"version_value": "2018.08"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2019.02"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2019.08"
},
{
"version_affected": "=",
"version_value": "2019.11"
}
]
}
},
{
"product_name": "Identity Intelligence. versions",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0"
},
{
"version_affected": "!\u003e",
"version_value": "1.1.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus "
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation."
}
]
},
"exploit": [
{
"lang": "en",
"value": "CWE-863 Incorrect Authorization"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03645636",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645636"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03645642",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645642"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03645631",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645631"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03645630",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645630"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03645629",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645629"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03645628",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645628"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7024637",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7024637"
}
]
},
"solution": [
{
"lang": "en",
"value": "For Data Center Automation Containerized https://softwaresupport.softwaregrp.com/doc/KM03645628\nFor Network Operation Management https://softwaresupport.softwaregrp.com/doc/KM03645629\nFor Operation Bridge Suite https://softwaresupport.softwaregrp.com/doc/KM03645630\nFor SMA https://softwaresupport.softwaregrp.com/doc/KM03645631\nFor ArcSight apps https://softwaresupport.softwaregrp.com/doc/KM03645642\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03645636\nFor Identity Intelligence https://support.microfocus.com/kb/doc.php?id=7024637\" } ] }"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11844",
"datePublished": "2020-05-29T21:15:23",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…