CVE-2020-11853

HIGH NUCLEI

Micro Focus Operation Bridge Manager - Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-11853. Includes Metasploit module exploits/multi/http/microfocus_ucmdb_unauth_deser. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits a Java deserialization vulnerability (CVE-2020-11854) in Micro Focus UCMDB, chained with an authentication bypass (CVE-2020-11853) using hardcoded credentials. It achieves unauthenticated remote code execution by sending a malicious serialized object to a vulnerable endpoint.

Description

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.

Exploits (2)

metasploit WORKING POC EXCELLENT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/microfocus_ucmdb_unauth_deser.rb

This Metasploit module exploits a Java deserialization vulnerability (CVE-2020-11854) in Micro Focus UCMDB, chained with an authentication bypass (CVE-2020-11853) using hardcoded credentials. It achieves unauthenticated remote code execution by sending a malicious serialized object to a vulnerable endpoint.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Micro Focus UCMDB (versions 2020.05 and below)
No auth needed
Prerequisites: Network access to the target · Vulnerable UCMDB service exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocjava
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/microfocus_obm_auth_rce.rb

This Metasploit module exploits an authenticated Java deserialization vulnerability in Micro Focus Operations Bridge Manager (and other products) to achieve remote code execution as root (Linux) or SYSTEM (Windows). It uses a crafted C3P0 gadget to trigger remote classloading, leading to arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Micro Focus Operations Bridge Manager <= 2020.05 (and other Micro Focus products)
Auth required
Prerequisites: Authenticated session (LWSSO_COOKIE_KEY) · Network access to target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
HIGHby dwisiswant0

References (9)

Core 9
Core References

Scores

CVSS v3 8.8
EPSS 0.7699
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (36)
hp/universal_cmbd_foundation 10.20
hp/universal_cmbd_foundation 10.30
hp/universal_cmbd_foundation 10.31
hp/universal_cmbd_foundation 10.32
hp/universal_cmbd_foundation 10.33
hp/universal_cmbd_foundation 11.0
hp/universal_cmbd_foundation 2018.05
hp/universal_cmbd_foundation 2018.08
hp/universal_cmbd_foundation 2018.11
hp/universal_cmbd_foundation 2019.02
... and 26 more
Published Oct 22, 2020
Tracked Since Feb 18, 2026