CVE-2020-11854

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:application_performance_management:9.51:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2017.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2018.02:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2018.05:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2018.08:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2018.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2019.05:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2019.08:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge:2020.05:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:10.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:10.12:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:10.60:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:10.61:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:10.62:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:10.63:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:2018.05:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:2018.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:2019.05:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:2019.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:operations_bridge_manager:2020.05:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:microfocus:application_performance_management:9.40:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.33:cumulative_update_package_3:*:*:*:*:*:*

History

07 Nov 2023, 03:15

Type Values Removed Values Added
References (MISC) https://softwaresupport.softwaregrp.com/doc/KM03747854 - Vendor Advisory () https://softwaresupport.softwaregrp.com/doc/KM03747854 -
References (MISC) http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html -
References (MISC) https://softwaresupport.softwaregrp.com/doc/KM03747658 - Vendor Advisory () https://softwaresupport.softwaregrp.com/doc/KM03747658 -
References (MISC) https://softwaresupport.softwaregrp.com/doc/KM03747657 - Vendor Advisory () https://softwaresupport.softwaregrp.com/doc/KM03747657 -
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-20-1287/ - Third Party Advisory, VDB Entry () https://www.zerodayinitiative.com/advisories/ZDI-20-1287/ -

Information

Published : 2020-10-27 17:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-11854

Mitre link : CVE-2020-11854

CVE.ORG link : CVE-2020-11854


JSON object : View

Products Affected

microfocus

  • universal_cmdb
  • application_performance_management
  • operations_bridge_manager
  • operations_bridge
CWE
CWE-798

Use of Hard-coded Credentials