Vulnerability Details : CVE-2020-11854
Public exploit exists!
Arbitrary code execution vulnerability in Micro Focus products Operations Bridge Manager, Operations Bridge (containerized) and Application Performance Management. The vulnerability affects: 1.) Operations Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63, 10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02 and 2017.11. 3.) Application Performance Management versions 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow arbitrary code execution.
Published: 2020-10-27 17:15:12
Updated: 2022-04-26 16:31:28
Products affected by CVE-2020-11854
- cpe:2.3:a:microfocus:operations_bridge:2018.08:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge:2017.11:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge:2018.02:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge:2018.05:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge:2018.11:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge:2019.05:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge:2019.08:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge:2020.05:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge_manager:10.11:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge_manager:10.12:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge_manager:10.60:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge_manager:10.61:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge_manager:10.62:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge_manager:10.63:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge_manager:2018.05:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge_manager:2018.11:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge_manager:2019.05:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge_manager:2019.11:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:operations_bridge_manager:2020.05:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-11854
EPSS score: 23.82% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~97% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2020-11854
- Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution
  Disclosure Date: 2020-10-28
  First seen: 2021-03-12
  exploit/multi/http/microfocus_ucmdb_unauth_deser
  This module exploits two vulnerabilities, that when chained allow an attacker to achieve unauthenticated remote code execution in Micro Focus UCMDB. UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected, but this module can pr
CVSS scores for CVE-2020-11854
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | Micro Focus International (DEFUNCT) | |
CWE ids for CVE-2020-11854
- The product contains hard-coded credentials, such as a password or cryptographic key. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-11854
- https://www.zerodayinitiative.com/advisories/ZDI-20-1287/
  ZDI-20-1287 | Zero Day Initiative (Third Party Advisory; VDB Entry)
- https://softwaresupport.softwaregrp.com/doc/KM03747657
  MySupport - Micro Focus Software Support (Vendor Advisory)
- http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
  Micro Focus UCMDB Remote Code Execution ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://softwaresupport.softwaregrp.com/doc/KM03747658
  MySupport - Micro Focus Software Support (Vendor Advisory)
- https://softwaresupport.softwaregrp.com/doc/KM03747854
  MySupport - Micro Focus Software Support (Vendor Advisory)