CVE-2020-11844

Incorrect Authorization vulnerability in the Micro Focus Container Deployment Foundation affecting multiple products.

Description

Incorrect Authorization vulnerability in the Micro Focus Container Deployment Foundation component affects the following products:

  • Hybrid Cloud Management: versions 2018.05 to 2019.11
  • ArcSight Investigate: versions 2.4.0, 3.0.0 and 3.1.0
  • ArcSight Transformation Hub: versions 3.0.0, 3.1.0, 3.2.0
  • ArcSight Interset: version 6.0.0
  • ArcSight ESM (when ArcSight Fusion 1.0 is installed): version 7.2.1
  • Service Management Automation (SMA): versions 2018.05 to 2020.02
  • Operation Bridge Suite (Containerized): versions 2018.05 to 2020.02
  • Network Operation Management: versions 2017.11 to 2019.11
  • Data Center Automation Containerized: versions 2018.05 to 2019.11
  • Identity Intelligence: versions 1.1.0 and 1.1.1

The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.

Remediation

Solution:

  • For Data Center Automation Containerized: https://softwaresupport.softwaregrp.com/doc/KM03645628
  • For Network Operation Management: https://softwaresupport.softwaregrp.com/doc/KM03645629
  • For Operation Bridge Suite: https://softwaresupport.softwaregrp.com/doc/KM03645630
  • For SMA: https://softwaresupport.softwaregrp.com/doc/KM03645631
  • For ArcSight apps: https://softwaresupport.softwaregrp.com/doc/KM03645642
  • For Hybrid Cloud Management: https://softwaresupport.softwaregrp.com/doc/KM03645636
  • For Identity Intelligence: https://support.microfocus.com/kb/doc.php?id=7024637

CVSS: 10.0
Severity: Critical
EPSS: 1.03% (Top 25%)
Affected: Micro Focus Hybrid Cloud Management
Affected: Micro Focus ArcSight Investigate
Affected: Micro Focus ArcSight Transformation Hub
Affected: Micro Focus ArcSight Interset
Affected: Micro Focus ArcSight ESM (when ArcSight Fusion 1.0 is installed)
Affected: Micro Focus Service Management Automation (SMA)
Affected: Micro Focus Operation Bridge Suite (Containerized)
Affected: Micro Focus Network Operation Management
Affected: Micro Focus Data Center Automation Containerized
Affected: Micro Focus Identity Intelligence

Frequently Asked Questions

What is the severity of CVE-2020-11844?
CVE-2020-11844 has been scored as a critical severity vulnerability.
How to fix CVE-2020-11844?
To fix CVE-2020-11844, apply the vendor guidance for the affected product:

  • For Data Center Automation Containerized: https://softwaresupport.softwaregrp.com/doc/KM03645628
  • For Network Operation Management: https://softwaresupport.softwaregrp.com/doc/KM03645629
  • For Operation Bridge Suite: https://softwaresupport.softwaregrp.com/doc/KM03645630
  • For SMA: https://softwaresupport.softwaregrp.com/doc/KM03645631
  • For ArcSight apps: https://softwaresupport.softwaregrp.com/doc/KM03645642
  • For Hybrid Cloud Management: https://softwaresupport.softwaregrp.com/doc/KM03645636
  • For Identity Intelligence: https://support.microfocus.com/kb/doc.php?id=7024637
Is CVE-2020-11844 being actively exploited in the wild?
It is possible that CVE-2020-11844 is being exploited or will be exploited in the near future, based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-11844?
CVE-2020-11844 affects Micro Focus Hybrid Cloud Management, Micro Focus ArcSight Investigate, Micro Focus ArcSight Transformation Hub, Micro Focus ArcSight Interset, Micro Focus ArcSight ESM (when ArcSight Fusion 1.0 is installed), Micro Focus Service Management Automation (SMA), Micro Focus Operation Bridge Suite (Containerized), Micro Focus Network Operation Management, Micro Focus Data Center Automation Containerized, and Micro Focus Identity Intelligence.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.