CVE-2020-11853

Arbitrary code execution vulnerability on multiple Micro Focus products

Description

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.

Remediation

Solution:

For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658 For Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657 For Data Center Automation https://softwaresupport.softwaregrp.com/doc/KM03749879 For Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854 For Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03747949 For Universal CMDB https://softwaresupport.softwaregrp.com/doc/KM03747948 For Service Management Automation https://softwaresupport.softwaregrp.com/doc/KM03747950

8.8

CVSS

Severity: High

CVSS 3.1 •

CVSS 2.0 •

EPSS 90.26% Top 5%

Affected: Micro Focus Operation Bridge Manager

Affected: Micro Focus Application Performance Management

Affected: Micro Focus Data Center Automation

Affected: Micro Focus Operations Bridge (containerized)

Affected: Micro Focus Universal CMDB

Affected: Micro Focus Hybrid Cloud Management

Affected: Micro Focus Service Management Automation

References

Link	Tags
https://softwaresupport.softwaregrp.com/doc/KM03747658
https://softwaresupport.softwaregrp.com/doc/KM03747657
https://softwaresupport.softwaregrp.com/doc/KM03747854
https://softwaresupport.softwaregrp.com/doc/KM03749879
https://softwaresupport.softwaregrp.com/doc/KM03747949
https://softwaresupport.softwaregrp.com/doc/KM03747948
https://softwaresupport.softwaregrp.com/doc/KM03747950
http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html

Frequently Asked Questions

What is the severity of CVE-2020-11853?: CVE-2020-11853 has been scored as a high severity vulnerability.
How to fix CVE-2020-11853?: To fix CVE-2020-11853: For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658 For Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657 For Data Center Automation https://softwaresupport.softwaregrp.com/doc/KM03749879 For Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854 For Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03747949 For Universal CMDB https://softwaresupport.softwaregrp.com/doc/KM03747948 For Service Management Automation https://softwaresupport.softwaregrp.com/doc/KM03747950
Is CVE-2020-11853 being actively exploited in the wild?: It is possible that CVE-2020-11853 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~90% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-11853?: CVE-2020-11853 affects Micro Focus Operation Bridge Manager , Micro Focus Application Performance Management , Micro Focus Data Center Automation, Micro Focus Operations Bridge (containerized), Micro Focus Universal CMDB , Micro Focus Hybrid Cloud Management, Micro Focus Service Management Automation .