CVE-2020-11844

Summary

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.

Affected Software

VendorProductVersion RangeStatus
Micro FocusHybrid Cloud Management2018.05 < 2019.11affected
Micro FocusArcSight Investigate. versions2.4.0affected
Micro FocusArcSight Investigate. versions3.0.0affected
Micro FocusArcSight Investigate. versions3.1.0affected
Micro FocusArcSight Transformation Hub3.0.0affected
Micro FocusArcSight Transformation Hub3.1.0affected
Micro FocusArcSight Transformation Hub3.2.0affected
Micro FocusArcSight Interset6.0.0affected
Micro FocusArcSight ESM (when ArcSight Fusion7.2.1affected
Micro FocusService Management Automation (SMA)2018.05affected
Micro FocusService Management Automation (SMA)2018.08affected
Micro FocusService Management Automation (SMA)2018.11affected
Micro FocusService Management Automation (SMA)2019.02affected
Micro FocusService Management Automation (SMA)2019.05affected
Micro FocusService Management Automation (SMA)2019.08affected
Micro FocusService Management Automation (SMA)2019.11affected
Micro FocusService Management Automation (SMA)2020.02affected
Micro FocusOperation Bridge Suite (Containerized)2018.05affected
Micro FocusOperation Bridge Suite (Containerized)2018.08affected
Micro FocusOperation Bridge Suite (Containerized)2018.11affected
Micro FocusOperation Bridge Suite (Containerized)2019.02affected
Micro FocusOperation Bridge Suite (Containerized)2019.05affected
Micro FocusOperation Bridge Suite (Containerized)2019.8affected
Micro FocusOperation Bridge Suite (Containerized)2019.11affected
Micro FocusNetwork Operation Management2017.11 <= 2019.11affected
Micro FocusData Center Automation Containerized2018.05affected
Micro FocusData Center Automation Containerized2018.08affected
Micro FocusData Center Automation Containerized2018.11affected
Micro FocusData Center Automation Containerized2019.02affected
Micro FocusData Center Automation Containerized2019.05affected
Micro FocusData Center Automation Containerized2019.08affected
Micro FocusData Center Automation Containerized2019.11affected
Micro FocusIdentity Intelligence. versions1.1.0affected
Micro FocusIdentity Intelligence. versionsnext of 1.1.1 < unspecifiedunaffected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

References