Micro Focus Operations Bridge Manager CorrelationFacadeForGui Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2020-10-28T00:00:00
ID ZDI-20-1291 Type zdi Reporter Pedro Ribeiro (pedrib@gmail.com | @pedrib1337) from Agile Information Security Modified 2020-10-28T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the CorrelationFacadeForGui endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
{"id": "ZDI-20-1291", "bulletinFamily": "info", "title": "Micro Focus Operations Bridge Manager CorrelationFacadeForGui Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the CorrelationFacadeForGui endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.", "published": "2020-10-28T00:00:00", "modified": "2020-10-28T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1291/", "reporter": "Pedro Ribeiro (pedrib@gmail.com | @pedrib1337) from Agile Information Security", "references": ["https://softwaresupport.softwaregrp.com/doc/KM03747658"], "cvelist": ["CVE-2020-11853"], "type": "zdi", "lastseen": "2020-10-28T17:31:30", "edition": 1, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-11853"]}, {"type": "zdi", "idList": ["ZDI-20-1323", "ZDI-20-1307", "ZDI-20-1294", "ZDI-20-1293", "ZDI-20-1303", "ZDI-20-1325", "ZDI-20-1304", "ZDI-20-1306", "ZDI-20-1313", "ZDI-20-1309"]}], "modified": "2020-10-28T17:31:30", "rev": 2}, "score": {"value": 3.8, "vector": "NONE", "modified": "2020-10-28T17:31:30", "rev": 2}, "vulnersScore": 3.8}}
{"cve": [{"lastseen": "2020-12-09T22:03:05", "description": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-22T21:15:00", "title": "CVE-2020-11853", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11853"], "modified": "2020-11-16T16:09:00", "cpe": ["cpe:/a:microfocus:application_performance_management:9.50", "cpe:/a:microfocus:operations_bridge_manager:2018.11", "cpe:/a:hp:universal_cmbd_foundation:10.31", "cpe:/a:hp:universal_cmbd_foundation:2019.02", "cpe:/a:microfocus:operation_bridge_manager:10.10", "cpe:/a:microfocus:operations_bridge_manager:2018.08", "cpe:/a:hp:universal_cmbd_foundation:2018.11", "cpe:/a:microfocus:operations_bridge_manager:2019.05", "cpe:/a:hp:universal_cmbd_foundation:2019.05", "cpe:/a:microfocus:operation_bridge_manager:10.12", "cpe:/a:microfocus:service_manager_automation:2020.02", "cpe:/a:hp:universal_cmbd_foundation:2018.08", "cpe:/a:microfocus:operation_bridge_manager:10.62", "cpe:/a:microfocus:data_center_automation:2019.11", "cpe:/a:hp:universal_cmbd_foundation:2020.05.", "cpe:/a:microfocus:operations_bridge_manager:2020.05", "cpe:/a:hp:universal_cmbd_foundation:10.20", "cpe:/a:hp:universal_cmbd_foundation:10.32", "cpe:/a:microfocus:application_performance_management:9.51", "cpe:/a:hp:universal_cmbd_foundation:11.0", "cpe:/a:hp:universal_cmbd_foundation:2019.11", "cpe:/a:microfocus:hybrid_cloud_management:2020.05", "cpe:/a:hp:universal_cmbd_foundation:2018.05", "cpe:/a:microfocus:operations_bridge_manager:2019.08", "cpe:/a:microfocus:operations_bridge_manager:2018.05", "cpe:/a:microfocus:application_performance_management:9.40", "cpe:/a:hp:universal_cmbd_foundation:10.33", "cpe:/a:microfocus:operation_bridge_manager:10.60", "cpe:/a:microfocus:service_manager_automation:2020.05", "cpe:/a:microfocus:operations_bridge_manager:2017.11", "cpe:/a:microfocus:operations_bridge_manager:2018.02", "cpe:/a:microfocus:operations_bridge_manager:2019.11", "cpe:/a:microfocus:operation_bridge_manager:10.61", "cpe:/a:microfocus:operation_bridge_manager:10.63", "cpe:/a:microfocus:operation_bridge_manager:10.11", "cpe:/a:hp:universal_cmbd_foundation:10.30"], "id": "CVE-2020-11853", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11853", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microfocus:operation_bridge_manager:10.10:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:data_center_automation:2019.11:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:2018.05:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operations_bridge_manager:2019.11:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operations_bridge_manager:2018.02:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operations_bridge_manager:2017.11:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:10.31:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:2019.11:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operation_bridge_manager:10.12:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:10.20:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:2018.11:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:10.32:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operations_bridge_manager:2018.05:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:service_manager_automation:2020.02:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operations_bridge_manager:2019.05:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operation_bridge_manager:10.62:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:10.30:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operation_bridge_manager:10.60:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operation_bridge_manager:10.63:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:2019.02:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:2020.05.:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operation_bridge_manager:10.11:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:10.33:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:2018.08:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operations_bridge_manager:2020.05:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operation_bridge_manager:10.61:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operations_bridge_manager:2018.08:*:*:*:*:*:*:*", "cpe:2.3:a:hp:universal_cmbd_foundation:2019.05:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operations_bridge_manager:2018.11:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:hybrid_cloud_management:2020.05:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:operations_bridge_manager:2019.08:*:*:*:*:*:*:*", "cpe:2.3:a:microfocus:service_manager_automation:2020.05:*:*:*:*:*:*:*"]}], "zdi": [{"lastseen": "2020-10-28T17:31:31", "bulletinFamily": "info", "cvelist": ["CVE-2020-11853"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the CMSImagesService endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.", "edition": 1, "modified": "2020-10-28T00:00:00", "published": "2020-10-28T00:00:00", "id": "ZDI-20-1300", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1300/", "title": "Micro Focus Operations Bridge Manager CMSImagesService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-28T17:31:30", "bulletinFamily": "info", "cvelist": ["CVE-2020-11853"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ImpactService endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.", "edition": 1, "modified": "2020-10-28T00:00:00", "published": "2020-10-28T00:00:00", "id": "ZDI-20-1314", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1314/", "title": "Micro Focus Operations Bridge Manager ImpactService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-28T17:31:31", "bulletinFamily": "info", "cvelist": ["CVE-2020-11853"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the WatchServerAPI endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.", "edition": 1, "modified": "2020-10-28T00:00:00", "published": "2020-10-28T00:00:00", "id": "ZDI-20-1297", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1297/", "title": "Micro Focus Operations Bridge Manager WatchServerAPI Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-28T17:31:31", "bulletinFamily": "info", "cvelist": ["CVE-2020-11853"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DiscoveryService endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.", "edition": 1, "modified": "2020-10-28T00:00:00", "published": "2020-10-28T00:00:00", "id": "ZDI-20-1305", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1305/", "title": "Micro Focus Operations Bridge Manager DiscoveryService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-28T17:31:31", "bulletinFamily": "info", "cvelist": ["CVE-2020-11853"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SecurityService endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.", "edition": 1, "modified": "2020-10-28T00:00:00", "published": "2020-10-28T00:00:00", "id": "ZDI-20-1288", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1288/", "title": "Micro Focus Operations Bridge Manager SecurityService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-28T17:31:31", "bulletinFamily": "info", "cvelist": ["CVE-2020-11853"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the GenericAdapterService endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.", "edition": 1, "modified": "2020-10-28T00:00:00", "published": "2020-10-28T00:00:00", "id": "ZDI-20-1325", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1325/", "title": "Micro Focus Operations Bridge Manager GenericAdapterService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-28T17:31:31", "bulletinFamily": "info", "cvelist": ["CVE-2020-11853"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AutomationMappingService endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.", "edition": 1, "modified": "2020-10-28T00:00:00", "published": "2020-10-28T00:00:00", "id": "ZDI-20-1323", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1323/", "title": "Micro Focus Operations Bridge Manager AutomationMappingService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-28T17:31:31", "bulletinFamily": "info", "cvelist": ["CVE-2020-11853"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the LocationService endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.", "edition": 1, "modified": "2020-10-28T00:00:00", "published": "2020-10-28T00:00:00", "id": "ZDI-20-1312", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1312/", "title": "Micro Focus Operations Bridge Manager LocationService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-28T17:31:30", "bulletinFamily": "info", "cvelist": ["CVE-2020-11853"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the CIService endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.", "edition": 1, "modified": "2020-10-28T00:00:00", "published": "2020-10-28T00:00:00", "id": "ZDI-20-1309", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1309/", "title": "Micro Focus Operations Bridge Manager CIService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-28T17:31:30", "bulletinFamily": "info", "cvelist": ["CVE-2020-11853"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the LicensingService endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.", "edition": 1, "modified": "2020-10-28T00:00:00", "published": "2020-10-28T00:00:00", "id": "ZDI-20-1324", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-1324/", "title": "Micro Focus Operations Bridge Manager LicensingService Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}]}
