CVE-2020-11853 in HP and Micro Focus Products
Published on October 22, 2020

Arbitrary code execution vulnerability on multiple Micro Focus products

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.

NVD

Vulnerability Analysis

CVE-2020-11853 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Products Associated with CVE-2020-11853

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-11853 are published in these products:

HP Universal Cmbd Foundation

Micro Focus Application Performance Management

Micro Focus Data Center Automation

Micro Focus Hybrid Cloud Management

Micro Focus Operations Bridge Manager

Micro Focus Operation Bridge Manager

Micro Focus Service Manager Automation

Micro Focus Service Management Automation

Affected Versions

Micro Focus Operation Bridge Manager:

Version 2020.5 is affected.
Version 2019.11 is affected.
Version 2019.05 is affected.
Version 2018.11 is affected.
Version 2018.05 is affected.
Version unspecified, <= 10.63 is affected.

Micro Focus Application Performance Management:

Version 9.51 is affected.
Version 9.50 is affected.
Version 9.40 is affected.

Micro Focus Data Center Automation:

Version 2019.11 is affected.

Micro Focus Operations Bridge (containerized):

Version 2019.11 is affected.
Version 2019.08 is affected.
Version 2019.05 is affected.
Version 2018.11 is affected.
Version 2018.08 is affected.
Version 2018.05 is affected.
Version 2018.02 is affected.
Version 2017.11 is affected.

Micro Focus Universal CMDB:

Version 2020.05 is affected.
Version 2019.11 is affected.
Version 2019.05 is affected.
Version 2019.02 is affected.
Version 2018.11 is affected.
Version 2018.08 is affected.
Version 2018.05 is affected.
Version 11.0 is affected.
Version 10.33 is affected.
Version 10.32 is affected.
Version 10.31 is affected.
Version 10.30 is affected.

Micro Focus Hybrid Cloud Management:

Version 2018.05, <= 2020.05 is affected.

Micro Focus Service Management Automation:

Version 2020.05 is affected.
Version 2020.02 is affected.

Exploit Probability

EPSS

92.68%

Percentile

99.75%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-11853 in HP and Micro Focus ProductsPublished on October 22, 2020

Vulnerability Analysis

Products Associated with CVE-2020-11853

Affected Versions

Exploit Probability

CVE-2020-11853 in HP and Micro Focus Products
Published on October 22, 2020