2021-02-26 12:19:32 +00:00
id : CVE-2020-11853
info :
2022-07-26 13:45:11 +00:00
name : Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
2021-02-26 12:19:32 +00:00
author : dwisiswant0
severity : high
description : |
2022-07-26 13:45:11 +00:00
Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a valid application user. Originated from Metasploit module (#14654).
2022-04-22 10:38:41 +00:00
reference :
- http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html
2022-05-17 09:18:12 +00:00
- https://softwaresupport.softwaregrp.com/doc/KM03747658
- https://softwaresupport.softwaregrp.com/doc/KM03747949
- https://softwaresupport.softwaregrp.com/doc/KM03747948
2022-07-26 13:45:11 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-11853
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 8.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2020-11853
2023-04-12 10:55:48 +00:00
epss-score : 0.94771
2022-08-27 04:41:18 +00:00
tags : opm,rce,packetstorm,cve,cve2020
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2021-02-26 12:19:32 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-02-26 12:19:32 +00:00
- method : GET
path :
- "{{BaseURL}}/ucmdb-api/connect"
matchers-condition : and
matchers :
- type : status
status :
- 200
- type : word
words :
- "HttpUcmdbServiceProviderFactoryImpl"
- "ServerVersion=11.6.0"
part : body
2022-07-26 13:45:11 +00:00
condition : and
# Enhanced by mp on 2022/07/13