id: CVE-2020-11854

info:
  name: Micro Focus UCMDB - Remote Code Execution
  author: dwisiswant0
  severity: critical
  description: |
    Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.), and Application Performance Management versions 9,51, 9.50 and 9.40 with UCMDB 10.33 CUP 3.
  remediation: |
    Apply the latest security patches or updates provided by Micro Focus to fix this vulnerability.
  reference:
    - http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
    - https://softwaresupport.softwaregrp.com/doc/KM03747658
    - https://softwaresupport.softwaregrp.com/doc/KM03747657
    - https://softwaresupport.softwaregrp.com/doc/KM03747854
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11854
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-11854
    cwe-id: CWE-798
    epss-score: 0.97414
    epss-percentile: 0.99905
    cpe: cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: microfocus
    product: application_performance_management
  tags: microfocus,packetstorm,cve,cve2020,ucmdb,rce

http:
  - method: GET
    path:
      - "{{BaseURL}}/ucmdb-api/connect"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "HttpUcmdbServiceProviderFactoryImpl"
          - "ServerVersion=11.6.0"
        condition: and

      - type: status
        status:
          - 200

# digest: 4b0a00483046022100c5145c05426125744514e7578e7b7adbb088b1d64962c0376df57fcb828fc517022100db2fc75cdf843fcd4d9c8e2ebf87b58ffb1ad4791f00423c92b0bcc07d1f6ac5:922c64590222798bb761d5b6d8e72950