id: CVE-2020-11854

info:
  name: Micro Focus UCMDB - Remote Code Execution
  author: dwisiswant0
  severity: critical
  description: |
    Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.), and Application Performance Management versions 9,51, 9.50 and 9.40 with UCMDB 10.33 CUP 3.
  reference:
    - http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
    - https://softwaresupport.softwaregrp.com/doc/KM03747658
    - https://softwaresupport.softwaregrp.com/doc/KM03747657
    - https://softwaresupport.softwaregrp.com/doc/KM03747854
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11854
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-11854
    cwe-id: CWE-798
    epss-score: 0.97417
  tags: microfocus,packetstorm,cve,cve2020,ucmdb,rce
  metadata:
    max-request: 1

http:
  - method: GET
    path:
      - "{{BaseURL}}/ucmdb-api/connect"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "HttpUcmdbServiceProviderFactoryImpl"
          - "ServerVersion=11.6.0"
        condition: and

      - type: status
        status:
          - 200
# Enhanced by mp on 2022/05/16