Vulnerability in Micro Focus Application Performance Management
CVE-2020-11853
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Perfo…
EPSS: 0.927 (99.8th percentile).
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Micro Focus Application Performance Management — versions 9.51, 9.50, 9.40
- Micro Focus Data Center Automation — versions 2019.11
- Micro Focus Hybrid Cloud Management — versions 2018.05
- Micro Focus Operation Bridge Manager — versions 2020.5, 2019.11, 2019.05
- Micro Focus Operations Bridge (Containerized) — versions 2019.11, 2019.08, 2019.05
- Micro Focus Service Management Automation — versions 2020.05, 2020.02
- Micro Focus Universal CMDB — versions 2020.05, 2019.11, 2019.05
Public proof-of-concept exploits
- rapid7/metasploit-framework
- rapid7/metasploit-framework
- 20142995/nuclei-templates
- ARPSyndicate/cvemon
- ARPSyndicate/kenzer-templates
- AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- BrittanyKuhn/javascript-tutorial
- Elsfa7-110/kenzer-templates
- GrrrDog/Java-Deserialization-Cheat-Sheet
- Live-Hack-CVE/CVE-2020-11853
References
- softwaresupport.softwaregrp.com/doc/KM03747658 (x_refsource_MISC)
- softwaresupport.softwaregrp.com/doc/KM03747657 (x_refsource_MISC)
- softwaresupport.softwaregrp.com/doc/KM03747854 (x_refsource_MISC)
- softwaresupport.softwaregrp.com/doc/KM03749879 (x_refsource_MISC)
- softwaresupport.softwaregrp.com/doc/KM03747949 (x_refsource_MISC)
- softwaresupport.softwaregrp.com/doc/KM03747948 (x_refsource_MISC)
- softwaresupport.softwaregrp.com/doc/KM03747950 (x_refsource_MISC)
- packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.ht… (x_refsource_MISC)
- packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remo… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-11853?
- CVE-2020-11853 is a high-severity vulnerability in Micro Focus Application Performance Management. CVSS score: 8.8/10. Published 2020-10-22.
- How severe is CVE-2020-11853?
- High severity. CVSS v3 base score is 8.8 out of 10.
- Is CVE-2020-11853 known to be exploited?
- 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.