← back
CVE-2020-11854

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.

CVSS 9.8 CRITICALEPSS 74.2%
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Micro Focus · Application Performance ManagementMicro Focus · Operation Bridge (containerized)Micro Focus · Operation Bridge Manager
public PoCs found1
cve_referencepacketstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.htmlhttps://softwaresupport.softwaregrp.com/doc/KM03747657https://softwaresupport.softwaregrp.com/doc/KM03747658https://softwaresupport.softwaregrp.com/doc/KM03747854https://www.zerodayinitiative.com/advisories/ZDI-20-1287/