CVE-2020-11853

Summary

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
Micro FocusOperation Bridge Manager2020.5affected
Micro FocusOperation Bridge Manager2019.11affected
Micro FocusOperation Bridge Manager2019.05affected
Micro FocusOperation Bridge Manager2018.11affected
Micro FocusOperation Bridge Manager2018.05affected
Micro FocusOperation Bridge Managerunspecified <= 10.63affected
Micro FocusApplication Performance Management9.51affected
Micro FocusApplication Performance Management9.50affected
Micro FocusApplication Performance Management9.40affected
Micro FocusData Center Automation2019.11affected
Micro FocusOperations Bridge (containerized)2019.11affected
Micro FocusOperations Bridge (containerized)2019.08affected
Micro FocusOperations Bridge (containerized)2019.05affected
Micro FocusOperations Bridge (containerized)2018.11affected
Micro FocusOperations Bridge (containerized)2018.08affected
Micro FocusOperations Bridge (containerized)2018.05affected
Micro FocusOperations Bridge (containerized)2018.02affected
Micro FocusOperations Bridge (containerized)2017.11affected
Micro FocusUniversal CMDB2020.05affected
Micro FocusUniversal CMDB2019.11affected
Micro FocusUniversal CMDB2019.05affected
Micro FocusUniversal CMDB2019.02affected
Micro FocusUniversal CMDB2018.11affected
Micro FocusUniversal CMDB2018.08affected
Micro FocusUniversal CMDB2018.05affected
Micro FocusUniversal CMDB11.0affected
Micro FocusUniversal CMDB10.33affected
Micro FocusUniversal CMDB10.32affected
Micro FocusUniversal CMDB10.31affected
Micro FocusUniversal CMDB10.30affected
Micro FocusHybrid Cloud Management2018.05 <= 2020.05affected
Micro FocusService Management Automation2020.05affected
Micro FocusService Management Automation2020.02affected

Weaknesses

  • Arbitrary code execution

ADP Enrichment

CVE Program Container

Additional References

References