nuclei-templates/cves/2020/CVE-2020-11853.yaml

id: CVE-2020-11853

info:
  name: Micro Focus Operation Bridge Manager RCE
  author: dwisiswant0
  severity: high
  description: |
    This template supports the detection part only.

    UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected,
    but this template can probably also be used to detect Operations Bridge Manager
    (containeirized) and Application Performance Management.

    Originated from Metasploit module (#14654).
  reference:
    - http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2020-11853
  tags: cve,cve2020,opm,rce

requests:
  - method: GET
    path:
      - "{{BaseURL}}/ucmdb-api/connect"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "HttpUcmdbServiceProviderFactoryImpl"
          - "ServerVersion=11.6.0"
        part: body
        condition: and
:fire: Add CVE-2020-11853 2021-02-26 12:19:32 +00:00			`id: CVE-2020-11853`

			`info:`
			`name: Micro Focus Operation Bridge Manager RCE`
			`author: dwisiswant0`
			`severity: high`
			`description: \|`
			`This template supports the detection part only.`

			`UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected,`
:blue_book: Update descriptions 2021-02-26 12:30:30 +00:00			`but this template can probably also be used to detect Operations Bridge Manager`
:fire: Add CVE-2020-11853 2021-02-26 12:19:32 +00:00			`(containeirized) and Application Performance Management.`

			`Originated from Metasploit module (#14654).`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 8.8`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2020-11853`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`tags: cve,cve2020,opm,rce`
:fire: Add CVE-2020-11853 2021-02-26 12:19:32 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/ucmdb-api/connect"`
			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: word`
			`words:`
			`- "HttpUcmdbServiceProviderFactoryImpl"`
			`- "ServerVersion=11.6.0"`
			`part: body`
			`condition: and`