id: CVE-2020-11853 info: name: Micro Focus Operation Bridge Manager RCE author: dwisiswant0 severity: high description: | This template supports the detection part only. UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected, but this template can probably also be used to detect Operations Bridge Manager (containeirized) and Application Performance Management. Originated from Metasploit module (#14654). reference: - http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html - https://softwaresupport.softwaregrp.com/doc/KM03747658 - https://softwaresupport.softwaregrp.com/doc/KM03747949 - https://softwaresupport.softwaregrp.com/doc/KM03747948 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2020-11853 tags: cve,cve2020,opm,rce requests: - method: GET path: - "{{BaseURL}}/ucmdb-api/connect" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "HttpUcmdbServiceProviderFactoryImpl" - "ServerVersion=11.6.0" part: body condition: and