CVE-2020-11853
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/10/2020
Last modified:
07/11/2023
Description
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microfocus:operation_bridge_manager:*:*:*:*:*:*:*:* | 10.10 (including) | |
| cpe:2.3:a:microfocus:operation_bridge_manager:10.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operation_bridge_manager:10.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operation_bridge_manager:10.60:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operation_bridge_manager:10.61:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operation_bridge_manager:10.62:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operation_bridge_manager:10.63:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operations_bridge_manager:2017.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operations_bridge_manager:2018.02:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operations_bridge_manager:2018.05:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operations_bridge_manager:2018.08:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operations_bridge_manager:2018.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operations_bridge_manager:2019.05:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operations_bridge_manager:2019.08:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microfocus:operations_bridge_manager:2019.11:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html
- https://softwaresupport.softwaregrp.com/doc/KM03747657
- https://softwaresupport.softwaregrp.com/doc/KM03747658
- https://softwaresupport.softwaregrp.com/doc/KM03747854
- https://softwaresupport.softwaregrp.com/doc/KM03747948
- https://softwaresupport.softwaregrp.com/doc/KM03747949
- https://softwaresupport.softwaregrp.com/doc/KM03747950
- https://softwaresupport.softwaregrp.com/doc/KM03749879