ZDI-CAN-11075: Micro Focus Operations Bridge Reporter shrboadmin Use of Hard-coded Credentials Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the creation of the shrboadmin user during installation. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of the shrboadmin user.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AVEVA Reports for Operations |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-CAN-11075?
ZDI-CAN-11075 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix ZDI-CAN-11075?
To fix ZDI-CAN-11075, update your installation of Micro Focus Operations Bridge Reporter to the latest version provided by the vendor.
Who is affected by ZDI-CAN-11075?
Organizations using vulnerable versions of Micro Focus Operations Bridge Reporter without proper security measures are at risk from ZDI-CAN-11075.
What type of vulnerability is ZDI-CAN-11075?
ZDI-CAN-11075 is a remote code execution vulnerability that allows attackers to run arbitrary code without authentication.
When was ZDI-CAN-11075 disclosed?
ZDI-CAN-11075 was disclosed in the context of ongoing vulnerability reporting and awareness efforts as part of the Zero Day Initiative.
- agent/references
- agent/softwarecombine
- agent/severity
- agent/title
- agent/type
- agent/description
- agent/event
- agent/tags
- collector/zdi-advisory
- alias/ZDI-20-1215
- alias/ZDI-CAN-11075
- alias/CVE-2020-11857
- agent/software-canonical-lookup-request
- vendor/micro focus
- canonical/aveva reports for operations