Micro Focus UCMDB - Remote Code Execution

🗓️ 01 Jun 2026 05:38:37Reported by ProjectDiscoveryType

Micro Focus UCMDB remote code execution in Operation Bridge Manager and Application Performance Management

Reporter	Title	Published	Views	Family All 13
0day.today	Micro Focus UCMDB Remote Code Execution Exploit	28 Jan 202100:00	–	zdt
Circl	CVE-2020-11854	27 Oct 202019:31	–	circl
Check Point Advisories	Micro Focus UCMDB Remote Code Execution (CVE-2020-11854; CVE-2020-11853)	15 Feb 202100:00	–	checkpoint_advisories
CVE	CVE-2020-11854	27 Oct 202016:29	–	cve
Cvelist	CVE-2020-11854 Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.	27 Oct 202016:29	–	cvelist
Metasploit	Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution	27 Jan 202117:42	–	metasploit
NVD	CVE-2020-11854	27 Oct 202017:15	–	nvd
Packet Storm	Micro Focus UCMDB Remote Code Execution	28 Jan 202100:00	–	packetstorm
Prion	Design/Logic Flaw	27 Oct 202017:15	–	prion
Rapid7 Blog	Metasploit Wrap-Up	29 Jan 202121:09	–	rapid7blog

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
softwaresupport	www.softwaresupport.softwaregrp.com/doc/KM03747658
softwaresupport	www.softwaresupport.softwaregrp.com/doc/KM03747657
softwaresupport	www.softwaresupport.softwaregrp.com/doc/KM03747854
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-11854

id: CVE-2020-11854

info:
  name: Micro Focus UCMDB - Remote Code Execution
  author: dwisiswant0
  severity: critical
  description: |
    Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.), and Application Performance Management versions 9,51, 9.50 and 9.40 with UCMDB 10.33 CUP 3.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Apply the latest security patches or updates provided by Micro Focus to fix this vulnerability.
  reference:
    - http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
    - https://softwaresupport.softwaregrp.com/doc/KM03747658
    - https://softwaresupport.softwaregrp.com/doc/KM03747657
    - https://softwaresupport.softwaregrp.com/doc/KM03747854
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11854
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-11854
    cwe-id: CWE-798
    epss-score: 0.92403
    epss-percentile: 0.99743
    cpe: cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: microfocus
    product: application_performance_management
  tags: cve2020,cve,microfocus,packetstorm,ucmdb,rce,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/ucmdb-api/connect"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "HttpUcmdbServiceProviderFactoryImpl"
          - "ServerVersion=11.6.0"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100bdf4a4f33389a968295ab98b0a66ae6ef10a45c3a59864f50a7066fb2cee910202201f65831908e1e0cfc0191cdb0f76a6d80058bbcec3a4a37cf1a5d5416731f6f2:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00Current

7.6High risk

Vulners AI Score7.6

CVSS 3.19.8

CVSS 210

EPSS0.92403