CVE-2020-11855

HIGH

Microfocus Operation Bridge Reporter - Incorrect Permission Assignment

Title source: rule

Description

An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/microfocus_operations_privesc.rb

View Code ZIP pw:eip

References (2)

[Various Sources] https://softwaresupport.softwaregrp.com/doc/KM03710590

[Third Party Advisory] https://www.zerodayinitiative.com/advisories/ZDI-20-1217/

Scores

CVSS v3 7.8

EPSS 0.0302

EPSS Percentile 86.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (1)

microfocus/operation_bridge_reporter < 10.40

Published Sep 22, 2020

Tracked Since Feb 18, 2026