Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-W38W-PQ32-VGXM
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-11-16 19:00
VLAI?
Details
An arbitrary code execution vulnerability exists in Micro Focus Operation Bridge Manager 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. The vulnerability could allow remote attackers to execute arbitrary code.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2020-11853"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-22T21:15:00Z",
"severity": "HIGH"
},
"details": "An arbitrary code execution vulnerability exists in Micro Focus Operation Bridge Manager 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. The vulnerability could allow remote attackers to execute arbitrary code.",
"id": "GHSA-w38w-pq32-vgxm",
"modified": "2022-11-16T19:00:29Z",
"published": "2022-05-24T17:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11853"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2020-11853 (GCVE-0-2020-11853)
Vulnerability from cvelistv5 – Published: 2020-10-22 20:37 – Updated: 2024-08-04 11:42
VLAI?
EPSS
Summary
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
Severity ?
8.8 (High)
CWE
- Arbitrary code execution
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Micro Focus | Operation Bridge Manager |
Affected:
2020.5
Affected: 2019.11 Affected: 2019.05 Affected: 2018.11 Affected: 2018.05 Affected: unspecified , ≤ 10.63 (custom) |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operation Bridge Manager ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.5"
},
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.05"
},
{
"lessThanOrEqual": "10.63",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Application Performance Management ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.40"
}
]
},
{
"product": "Data Center Automation",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2019.11"
}
]
},
{
"product": "Operations Bridge (containerized)",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.08"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.08"
},
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "2018.02"
},
{
"status": "affected",
"version": "2017.11"
}
]
},
{
"product": "Universal CMDB ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.05"
},
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2019.02"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.08"
},
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "10.33"
},
{
"status": "affected",
"version": "10.32"
},
{
"status": "affected",
"version": "10.31"
},
{
"status": "affected",
"version": "10.30"
}
]
},
{
"product": "Hybrid Cloud Management",
"vendor": "Micro Focus ",
"versions": [
{
"lessThanOrEqual": "2020.05",
"status": "affected",
"version": "2018.05",
"versionType": "custom"
}
]
},
{
"product": "Service Management Automation ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.05"
},
{
"status": "affected",
"version": "2020.02"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability. "
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
}
],
"exploits": [
{
"lang": "en",
"value": "Arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-10T16:06:12",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
],
"solutions": [
{
"lang": "en",
"value": "For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658\nFor Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657\nFor Data Center Automation https://softwaresupport.softwaregrp.com/doc/KM03749879\nFor Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03747949\nFor Universal CMDB https://softwaresupport.softwaregrp.com/doc/KM03747948\nFor Service Management Automation https://softwaresupport.softwaregrp.com/doc/KM03747950"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary code execution vulnerability on multiple Micro Focus products ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11853",
"STATE": "PUBLIC",
"TITLE": "Arbitrary code execution vulnerability on multiple Micro Focus products "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operation Bridge Manager ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.5"
},
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "\u003c=",
"version_value": "10.63"
}
]
}
},
{
"product_name": "Application Performance Management ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.51"
},
{
"version_affected": "=",
"version_value": "9.50"
},
{
"version_affected": "=",
"version_value": "9.40"
}
]
}
},
{
"product_name": "Data Center Automation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2019.11"
}
]
}
},
{
"product_name": "Operations Bridge (containerized)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.08"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.08"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "=",
"version_value": "2018.02"
},
{
"version_affected": "=",
"version_value": "2017.11"
}
]
}
},
{
"product_name": "Universal CMDB ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.05"
},
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2019.02"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.08"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "=",
"version_value": "11.0"
},
{
"version_affected": "=",
"version_value": "10.33"
},
{
"version_affected": "=",
"version_value": "10.32"
},
{
"version_affected": "=",
"version_value": "10.31"
},
{
"version_affected": "=",
"version_value": "10.30"
}
]
}
},
{
"product_name": "Hybrid Cloud Management",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2018.05",
"version_value": "2020.05"
}
]
}
},
{
"product_name": "Service Management Automation ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.05"
},
{
"version_affected": "=",
"version_value": "2020.02"
}
]
}
}
]
},
"vendor_name": "Micro Focus "
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Arbitrary code execution."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747658",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747657",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747854",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03749879",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747949",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747948",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747950",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"name": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658\nFor Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657\nFor Data Center Automation https://softwaresupport.softwaregrp.com/doc/KM03749879\nFor Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03747949\nFor Universal CMDB https://softwaresupport.softwaregrp.com/doc/KM03747948\nFor Service Management Automation https://softwaresupport.softwaregrp.com/doc/KM03747950"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11853",
"datePublished": "2020-10-22T20:37:51",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…