CVE-2020-11855

HIGH

Micro Focus Operation Bridge Reporter < 10.40 - Local Privilege Escalation via Incorrect Permission Assignment

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11855. Includes Metasploit module exploits/windows/local/microfocus_operations_privesc.

AI-analyzed exploit summary: This Metasploit module exploits a local privilege escalation vulnerability in Micro Focus Operations Bridge Manager/Reporter by dropping a malicious JSP file in an incorrectly permissioned directory, leading to SYSTEM-level code execution when accessed via HTTP request.

Description

An authorization bypass vulnerability in Micro Focus Operation Bridge Reporter affects version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.

Exploits (1)

metasploit WORKING POC EXCELLENT
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/microfocus_operations_privesc.rb


Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Micro Focus Operations Bridge Manager <= 2020.05, Micro Focus Operations Bridge Reporter <= 10.40
No auth needed
Prerequisites: Meterpreter session on target · PowerShell installed on target · Access to write files in the vulnerable directory
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Third Party Advisory x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-1217/

Scores

CVSS v3 7.8
EPSS 0.0135
EPSS Percentile 67.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-732
Status published
Products (1)
microfocus/operation_bridge_reporter < 10.40
Published Sep 22, 2020
Tracked Since Feb 18, 2026