id: CVE-2020-11854

info:
  name: Micro Focus UCMDB RCE
  author: dwisiswant0
  severity: critical
  reference: http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
  description: |
    This template supports the detection part only.

    UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected,
    but this template can probably also be used to detect Operations Bridge Manager
    (containeirized) and Application Performance Management.

    Originated from Metasploit module (#14654).
  tags: cve,cve2020,ucmdb,rce
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.80
    cve-id: CVE-2020-11854
    cwe-id: CWE-798

requests:
  - method: GET
    path:
      - "{{BaseURL}}/ucmdb-api/connect"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "HttpUcmdbServiceProviderFactoryImpl"
          - "ServerVersion=11.6.0"
        part: body
        condition: and