id: CVE-2020-11853

info:
  name: Micro Focus Operation Bridge Manager RCE
  author: dwisiswant0
  severity: high
  reference: http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html
  description: |
    This template supports the detection part only.

    UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected,
    but this template can probably also be used to detect Operations Bridge Manager
    (containeirized) and Application Performance Management.

    Originated from Metasploit module (#14654).
  tags: cve,cve2020,opm,rce

requests:
  - method: GET
    path:
      - "{{BaseURL}}/ucmdb-api/connect"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "HttpUcmdbServiceProviderFactoryImpl"
          - "ServerVersion=11.6.0"
        part: body
        condition: and