CVE-2020-11853

HIGH NUCLEI

Micro Focus - RCE

Title source: llm

Description

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.

Exploits (2)

metasploit WORKING POC EXCELLENT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/microfocus_ucmdb_unauth_deser.rb
metasploit WORKING POC EXCELLENT
rubypocjava
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/microfocus_obm_auth_rce.rb

Nuclei Templates (1)

Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
HIGHby dwisiswant0

References (9)

Scores

CVSS v3 8.8
EPSS 0.9141
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (36)
hp/universal_cmbd_foundation 10.20
hp/universal_cmbd_foundation 10.30
hp/universal_cmbd_foundation 10.31
hp/universal_cmbd_foundation 10.32
hp/universal_cmbd_foundation 10.33
hp/universal_cmbd_foundation 11.0
hp/universal_cmbd_foundation 2018.05
hp/universal_cmbd_foundation 2018.08
hp/universal_cmbd_foundation 2018.11
hp/universal_cmbd_foundation 2019.02
... and 26 more
Published Oct 22, 2020
Tracked Since Feb 18, 2026