History: May 29, 2020 - 10:15 p.m.

CVE-2020-11844

2020-05-29 22:15:10
CWE-863
web.nvd.nist.gov
cve-2020-11844
incorrect authorization
vulnerability
micro focus
container deployment foundation
hybrid cloud management
arcsight investigate
arcsight transformation hub
security
nvd

CVSS3: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.2 High
Confidence: High

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.021 Low
Percentile: 89.3%

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products:

- Hybrid Cloud Management. Versions 2018.05 to 2019.11.
- ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0.
- ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0.
- ArcSight Interset. version 6.0.0.
- ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1.
- Service Management Automation (SMA). versions 2018.05 to 2020.02
- Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02.
- Network Operation Management. versions 2017.11 to 2019.11.
- Data Center Automation Containerized. versions 2018.05 to 2019.11
- Identity Intelligence. versions 1.1.0 and 1.1.1.

The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.

Affected configurations

NVD
Node
microfocus service_management_automation Match 2018.05
OR
microfocus service_management_automation Match 2018.08
OR
microfocus service_management_automation Match 2018.11
OR
microfocus service_management_automation Match 2019.02
OR
microfocus service_management_automation Match 2019.05
OR
microfocus service_management_automation Match 2019.08
OR
microfocus service_management_automation Match 2019.11
OR
microfocus service_management_automation Match 2020.02

CNA Affected

[
  {
    "product": "Hybrid Cloud Management",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "lessThan": "2019.11",
        "status": "affected",
        "version": "2018.05",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ArcSight Investigate. versions",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2.4.0"
      },
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      }
    ]
  },
  {
    "product": "ArcSight Transformation Hub",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.2.0"
      }
    ]
  },
  {
    "product": "ArcSight Interset",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0"
      }
    ]
  },
  {
    "product": "ArcSight ESM (when ArcSight Fusion",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "7.2.1"
      }
    ]
  },
  {
    "product": "Service Management Automation (SMA)",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "2018.08"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2019.02"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2019.08"
      },
      {
        "status": "affected",
        "version": "2019.11"
      },
      {
        "status": "affected",
        "version": "2020.02"
      }
    ]
  },
  {
    "product": " Operation Bridge Suite (Containerized)",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "2018.08"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2019.02"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2019.8"
      },
      {
        "status": "affected",
        "version": "2019.11"
      }
    ]
  },
  {
    "product": "Network Operation Management",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "lessThanOrEqual": "2019.11",
        "status": "affected",
        "version": "2017.11",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Data Center Automation Containerized",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "2018.08"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2019.02"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2019.08"
      },
      {
        "status": "affected",
        "version": "2019.11"
      }
    ]
  },
  {
    "product": "Identity Intelligence. versions",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "1.1.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "next of 1.1.1",
        "versionType": "custom"
      }
    ]
  }
]
