Vulnerability Details : CVE-2020-11844
Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products:
- Hybrid Cloud Management. Versions 2018.05 to 2019.11.
- ArcSight Investigate. Versions 2.4.0, 3.0.0 and 3.1.0.
- ArcSight Transformation Hub. Versions 3.0.0, 3.1.0, 3.2.0.
- ArcSight Interset. Version 6.0.0.
- ArcSight ESM (when ArcSight Fusion 1.0 is installed). Version 7.2.1.
- Service Management Automation (SMA). Versions 2018.05 to 2020.02.
- Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02.
- Network Operation Management. Versions 2017.11 to 2019.11.
- Data Center Automation Containerized. Versions 2018.05 to 2019.11.
- Identity Intelligence. Versions 1.1.0 and 1.1.1.

The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
Published: 2020-05-29 22:15:10
Updated: 2021-05-12 20:45:54
Vulnerability category: Bypass
Products affected by CVE-2020-11844
- cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:service_management_automation:2018.08:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:service_management_automation:2018.11:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:service_management_automation:2019.02:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:service_management_automation:2019.05:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:service_management_automation:2019.08:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:service_management_automation:2019.11:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:service_management_automation:2020.02:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-11844
- 2.96%: Probability of exploitation activity in the next 30 days
- ~91%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-11844
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | Micro Focus International (DEFUNCT) | |
CWE ids for CVE-2020-11844
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Assigned by:
- nvd@nist.gov (Primary)
- security@microfocus.com (Secondary)
References for CVE-2020-11844
- https://softwaresupport.softwaregrp.com/doc/KM03645636 (MySupport - Micro Focus Software Support)
- https://softwaresupport.softwaregrp.com/doc/KM03645629 (MySupport - Micro Focus Software Support)
- https://softwaresupport.softwaregrp.com/doc/KM03645628 (MySupport - Micro Focus Software Support)
- https://support.microfocus.com/kb/doc.php?id=7024637 (Security Update for CVE-2020-11844 affecting multiple Micro Focus Security Products)
- https://softwaresupport.softwaregrp.com/doc/KM03645642 (MySupport - Micro Focus Software Support)
- https://softwaresupport.softwaregrp.com/doc/KM03645630 (MySupport - Micro Focus Software Support)
- https://softwaresupport.softwaregrp.com/doc/KM03645631 (MySupport - Micro Focus Software Support; Vendor Advisory)