Auth bypass in Micro Focus Arcsight Esm (When Fusion
CVE-2020-11844
Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Tr…
Vulnerability class: Broken Access Control
EPSS: 0.020 (78.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Micro Focus Arcsight Esm (When Fusion — versions 7.2.1
- Micro Focus Arcsight Interset — versions 6.0.0
- Micro Focus Arcsight Investigate. Versions — versions 2.4.0, 3.0.0, 3.1.0
- Micro Focus Arcsight Transformation Hub — versions 3.0.0, 3.1.0, 3.2.0
- Micro Focus Data Center Automation Containerized — versions 2018.05, 2018.08, 2018.11
- Micro Focus Hybrid Cloud Management — versions 2018.05
- Micro Focus Identity Intelligence. Versions — versions 1.1.0, next of 1.1.1
- Micro Focus Network Operation Management — versions 2017.11
- Micro Focus Operation Bridge Suite (Containerized) — versions 2018.05, 2018.08, 2018.11
- Micro Focus Service Management Automation (Sma) — versions 2018.05, 2018.08, 2018.11
Weakness classification (CWE)
References
- security@opentext.com (x_refsource_CONFIRM)
- security@opentext.com (x_refsource_CONFIRM)
- security@opentext.com (x_refsource_CONFIRM)
- security@opentext.com (x_refsource_CONFIRM)
- security@opentext.com (x_refsource_CONFIRM)
- security@opentext.com (x_refsource_CONFIRM)
- security@opentext.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2020-11844?
- CVE-2020-11844 is a critical-severity vulnerability in Micro Focus Arcsight Esm (When Fusion, classified under Incorrect Authorization. CVSS score: 10.0/10. Published 2020-05-29.
- How severe is CVE-2020-11844?
- Critical severity. CVSS v3 base score is 10.0 out of 10.