Lucene search

[email protected]NVD:CVE-2020-11855

HistorySep 22, 2020 - 2:15 p.m.

CVE-2020-11855

2020-09-2214:15:12

CWE-732

[email protected]

web.nvd.nist.gov

authorization bypass

micro focus obr

version 10.40

local attackers

escalated privileges

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.3%

JSON

An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.

Affected configurations

Nvd

Node

microfocusoperation_bridge_reporterRange≤10.40

VendorProductVersionCPE
microfocusoperation_bridge_reporter*cpe:2.3:a:microfocus:operation_bridge_reporter:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microfocus	operation_bridge_reporter	*	cpe:2.3:a:microfocus:operation_bridge_reporter::::::::

References

softwaresupport.softwaregrp.com/doc/KM03710590

www.zerodayinitiative.com/advisories/ZDI-20-1217/

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.3%

JSON

Related for NVD:CVE-2020-11855

cvelist1 zdi1 prion1 cve1 metasploit1