CVE-2020-11854

EPSS 91.28%
Published 27.10.2020 17:15:12
Last modified 21.11.2024 04:58:45
Source security@opentext.com
Teams watchlist Login
Open Login

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.

Affected products Warnungen 0 Metrics 4 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Microfocus ≫ Application Performance Management Version9.50

Microfocus ≫ Application Performance Management Version9.51

Microfocus ≫ Operations Bridge Version2017.11

Microfocus ≫ Operations Bridge Version2018.02

Microfocus ≫ Operations Bridge Version2018.05

Microfocus ≫ Operations Bridge Version2018.08

Microfocus ≫ Operations Bridge Version2018.11

Microfocus ≫ Operations Bridge Version2019.05

Microfocus ≫ Operations Bridge Version2019.08

Microfocus ≫ Operations Bridge Version2020.05

Microfocus ≫ Operations Bridge Manager Version <= 10.10

Microfocus ≫ Operations Bridge Manager Version10.11

Microfocus ≫ Operations Bridge Manager Version10.12

Microfocus ≫ Operations Bridge Manager Version10.60

Microfocus ≫ Operations Bridge Manager Version10.61

Microfocus ≫ Operations Bridge Manager Version10.62

Microfocus ≫ Operations Bridge Manager Version10.63

Microfocus ≫ Operations Bridge Manager Version2018.05

Microfocus ≫ Operations Bridge Manager Version2018.11

Microfocus ≫ Operations Bridge Manager Version2019.05

Microfocus ≫ Operations Bridge Manager Version2019.11

Microfocus ≫ Operations Bridge Manager Version2020.05

Microfocus ≫ Application Performance Management Version9.40

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	91.28%	0.996

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
security@opentext.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html

https://softwaresupport.softwaregrp.com/doc/KM03747657

https://softwaresupport.softwaregrp.com/doc/KM03747658

https://softwaresupport.softwaregrp.com/doc/KM03747854

https://www.zerodayinitiative.com/advisories/ZDI-20-1287/

https://nvd.nist.gov/vuln/detail/CVE-2020-11854

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11854

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11854

EUVD