Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiPedro Ribeiro ([email protected]|@pedrib1337) from Agile Information SecurityZDI-20-1216
HistorySep 23, 2020 - 12:00 a.m.

Micro Focus Operations Bridge Reporter JMX Missing Authentication Remote Code Execution Vulnerability

2020-09-2300:00:00
Pedro Ribeiro ([email protected]|@pedrib1337) from Agile Information Security
www.zerodayinitiative.com
15
micro focus
operations bridge reporter
jmx
missing authentication
remote code execution
vulnerability
configuration
remote interface
mbeans
system.

EPSS

0.11

Percentile

95.2%

JSON

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the JMX remote interface. This interface allows a remote attacker to register attacker-controlled MBeans. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.

Related

nvd 1
cvelist 1
prion 1
cve 1
nvd
nvd
CVE-2020-11856
2020-09-22 15:15:14
cvelist
cvelist
CVE-2020-11856
2020-09-22 14:03:47
prion
prion
Remote code execution
2020-09-22 15:15:00
cve
cve
CVE-2020-11856
2020-09-22 15:15:14

EPSS

0.11

Percentile

95.2%

JSON
Related for ZDI-20-1216
nvd1cvelist1prion1cve1