CVE-2020-11856
CRITICALMicro Focus Operation Bridge Reporter < 10.40 - Remote Code Execution
Title source: llmDescription
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
https://softwaresupport.softwaregrp.com/doc/KM03710590
Third Party Advisory x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-1216/
Scores
CVSS v3
9.8
EPSS
0.0353
EPSS Percentile
87.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
microfocus/operation_bridge_reporter
< 10.40
Published
Sep 22, 2020
Tracked Since
Feb 18, 2026