CVE-2020-11854 Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.

🗓️ 27 Oct 2020 16:29:44Reported by microfocusType

Arbitrary code execution vulnerability in Micro Focus product

Reporter	Title	Published	Views	Family All 13
0day.today	Micro Focus UCMDB Remote Code Execution Exploit	28 Jan 202100:00	–	zdt
Circl	CVE-2020-11854	27 Oct 202019:31	–	circl
Check Point Advisories	Micro Focus UCMDB Remote Code Execution (CVE-2020-11854; CVE-2020-11853)	15 Feb 202100:00	–	checkpoint_advisories
CVE	CVE-2020-11854	27 Oct 202016:29	–	cve
Metasploit	Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution	27 Jan 202117:42	–	metasploit
Nuclei	Micro Focus UCMDB - Remote Code Execution	1 Jun 202605:38	–	nuclei
NVD	CVE-2020-11854	27 Oct 202017:15	–	nvd
Packet Storm	Micro Focus UCMDB Remote Code Execution	28 Jan 202100:00	–	packetstorm
Prion	Design/Logic Flaw	27 Oct 202017:15	–	prion
Rapid7 Blog	Metasploit Wrap-Up	29 Jan 202121:09	–	rapid7blog

[
  {
    "product": "Application Performance Management",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "9.51"
      },
      {
        "status": "affected",
        "version": "9.50"
      },
      {
        "status": "affected",
        "version": "9.40"
      }
    ]
  },
  {
    "product": "Operation Bridge (containerized)",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "2020.05"
      },
      {
        "status": "affected",
        "version": "2019.08"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2018.08"
      },
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "2018.02"
      },
      {
        "status": "affected",
        "version": "2017.11"
      }
    ]
  },
  {
    "product": "Operation Bridge Manager",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "2020.05"
      },
      {
        "status": "affected",
        "version": "2019.11"
      },
      {
        "status": "affected",
        "version": "2019.05"
      },
      {
        "status": "affected",
        "version": "2018.11"
      },
      {
        "status": "affected",
        "version": "2018.05"
      },
      {
        "status": "affected",
        "version": "10.63"
      },
      {
        "status": "affected",
        "version": "10.62"
      },
      {
        "status": "affected",
        "version": "10.61"
      },
      {
        "status": "affected",
        "version": "10.60"
      },
      {
        "status": "affected",
        "version": "10.12"
      },
      {
        "status": "affected",
        "version": "10.11"
      },
      {
        "lessThanOrEqual": "10.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
softwaresupport	www.softwaresupport.softwaregrp.com/doc/KM03747657
packetstormsecurity	www.packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
softwaresupport	www.softwaresupport.softwaregrp.com/doc/KM03747854
softwaresupport	www.softwaresupport.softwaregrp.com/doc/KM03747658
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-20-1287/

28 Jan 2021 15:06Current

9.8High risk

Vulners AI Score9.8

CVSS 3.19.8

EPSS0.92403