CVE-2020-11854: Micro Focus Operations Bridge Manager diagnostics Use of Hard-coded Credentials Remote Code Execution Vulnerability
First published: Tue Oct 27 2020(Updated: )
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.
Credit: security@microfocus.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Micro Focus Operations Bridge Manager | ||
| Microfocus Application Performance Management | =9.50 | |
| Microfocus Application Performance Management | =9.51 | |
| Microfocus Operations Bridge | =2017.11 | |
| Microfocus Operations Bridge | =2018.02 | |
| Microfocus Operations Bridge | =2018.05 | |
| Microfocus Operations Bridge | =2018.08 | |
| Microfocus Operations Bridge | =2018.11 | |
| Microfocus Operations Bridge | =2019.05 | |
| Microfocus Operations Bridge | =2019.08 | |
| Microfocus Operations Bridge | =2020.05 | |
| Microfocus Operations Bridge Manager | <=10.10 | |
| Microfocus Operations Bridge Manager | =10.11 | |
| Microfocus Operations Bridge Manager | =10.12 | |
| Microfocus Operations Bridge Manager | =10.60 | |
| Microfocus Operations Bridge Manager | =10.61 | |
| Microfocus Operations Bridge Manager | =10.62 | |
| Microfocus Operations Bridge Manager | =10.63 | |
| Microfocus Operations Bridge Manager | =2018.05 | |
| Microfocus Operations Bridge Manager | =2018.11 | |
| Microfocus Operations Bridge Manager | =2019.05 | |
| Microfocus Operations Bridge Manager | =2019.11 | |
| Microfocus Operations Bridge Manager | =2020.05 | |
| Microfocus Application Performance Management | =9.40 | |
| Microfocus Universal Cmdb | =10.33-cumulative_update_package_3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://softwaresupport.softwaregrp.com/doc/KM03747658
- https://www.zerodayinitiative.com/advisories/ZDI-20-1287/
- http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
- https://softwaresupport.softwaregrp.com/doc/KM03747657
- https://softwaresupport.softwaregrp.com/doc/KM03747854
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2020-11854.
What is the severity of vulnerability CVE-2020-11854?
The severity of vulnerability CVE-2020-11854 is critical with a severity value of 9.8.
Which products are affected by vulnerability CVE-2020-11854?
The products affected by vulnerability CVE-2020-11854 are Micro Focus Operations Bridge Manager, Micro Focus Application Performance Management, and Micro Focus Operations Bridge (containerized).
How can I fix vulnerability CVE-2020-11854?
To fix vulnerability CVE-2020-11854, it is recommended to apply the necessary security patches and updates provided by Micro Focus.
Where can I find more information about vulnerability CVE-2020-11854?
You can find more information about vulnerability CVE-2020-11854 in the references provided: [link1](http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html), [link2](https://softwaresupport.softwaregrp.com/doc/KM03747657), [link3](https://softwaresupport.softwaregrp.com/doc/KM03747658).
- collector/zdi-advisory
- alias/ZDI-20-1287
- alias/ZDI-CAN-11201
- alias/CVE-2020-11854
- agent/references
- agent/type
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/title
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/micro focus
- canonical/micro focus operations bridge manager
- vendor/microfocus
- canonical/microfocus application performance management
- version/microfocus application performance management/9.50
- version/microfocus application performance management/9.51
- canonical/microfocus operations bridge
- version/microfocus operations bridge/2017.11
- version/microfocus operations bridge/2018.02
- version/microfocus operations bridge/2018.05
- version/microfocus operations bridge/2018.08
- version/microfocus operations bridge/2018.11
- version/microfocus operations bridge/2019.05
- version/microfocus operations bridge/2019.08
- version/microfocus operations bridge/2020.05
- canonical/microfocus operations bridge manager
- version/microfocus operations bridge manager/10.10
- version/microfocus operations bridge manager/10.11
- version/microfocus operations bridge manager/10.12
- version/microfocus operations bridge manager/10.60
- version/microfocus operations bridge manager/10.61
- version/microfocus operations bridge manager/10.62
- version/microfocus operations bridge manager/10.63
- version/microfocus operations bridge manager/2018.05
- version/microfocus operations bridge manager/2018.11
- version/microfocus operations bridge manager/2019.05
- version/microfocus operations bridge manager/2019.11
- version/microfocus operations bridge manager/2020.05
- version/microfocus application performance management/9.40
- canonical/microfocus universal cmdb
- version/microfocus universal cmdb/10.33-cumulative_update_package_3