Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-11844
HistoryMay 29, 2020 - 10:15 p.m.

CVE-2020-11844

2020-05-2922:15:10
CWE-863
[email protected]
web.nvd.nist.gov
60
2
cve-2020-11844
incorrect authorization
vulnerability
micro focus
container deployment foundation
hybrid cloud management
arcsight investigate
arcsight transformation hub
security
nvd

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.3%

JSON

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.

Affected configurations

NVD
Node
microfocusservice_management_automationMatch2018.05
OR
microfocusservice_management_automationMatch2018.08
OR
microfocusservice_management_automationMatch2018.11
OR
microfocusservice_management_automationMatch2019.02
OR
microfocusservice_management_automationMatch2019.05
OR
microfocusservice_management_automationMatch2019.08
OR
microfocusservice_management_automationMatch2019.11
OR
microfocusservice_management_automationMatch2020.02

CNA Affected

[
  {
    "product": "Hybrid Cloud Management",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "lessThan": "2019.11",
        "status": "affected",
        "version": "2018.05",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ArcSight Investigate. versions",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2.4.0"
      },
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      }
    ]
  },
  {
    "product": "ArcSight Transformation Hub",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.2.0"
      }
    ]
  },
  {
    "product": "ArcSight Interset",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0"
      }
    ]
  },
  {
    "product": "ArcSight ESM (when ArcSight Fusion",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "7.2.1"
      }
    ]
  },
  {
    "product": "Service Management Automation (SMA)",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "2018.08"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2019.02"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2019.08"
      },
      {
        "status": "affected",
        "version": "2019.11"
      },
      {
        "status": "affected",
        "version": "2020.02"
      }
    ]
  },
  {
    "product": " Operation Bridge Suite (Containerized)",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "2018.08"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2019.02"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2019.8"
      },
      {
        "status": "affected",
        "version": "2019.11"
      }
    ]
  },
  {
    "product": "Network Operation Management",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "lessThanOrEqual": "2019.11",
        "status": "affected",
        "version": "2017.11",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Data Center Automation Containerized",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "2018.08"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2019.02"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2019.08"
      },
      {
        "status": "affected",
        "version": "2019.11"
      }
    ]
  },
  {
    "product": "Identity Intelligence. versions",
    "vendor": "Micro Focus ",
    "versions": [
      {
        "status": "affected",
        "version": "1.1.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "next of 1.1.1",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
prion 1
nvd 1
cvelist
cvelist
CVE-2020-11844 Incorrect Authorization vulnerability in the Micro Focus Container Deployment Foundation affecting multiple products.
2020-05-29 21:15:23
prion
prion
Authorization
2020-05-29 22:15:00
nvd
nvd
CVE-2020-11844
2020-05-29 22:15:10

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.3%

JSON
Related for CVE-2020-11844
cvelist1prion1nvd1