CVE-2020-11853 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in Multiple Microfocus products.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 second
Time Interval
4 week
Scan only one
Url
Toolbox
-
The Multiple Micro Focus products are used for various purposes, from monitoring to automation. Operation Bridge Manager is used for IT infrastructure monitoring, while Application Performance Management is for monitoring the performance of applications. Data Center Automation is a platform that can automate tasks and streamline workflows in the data center. Meanwhile, Operations Bridge and Hybrid Cloud Management provide end-to-end visibility and control in managing IT services across different environments. Universal CMDB is used for IT asset and service management, while Service Management Automation automates IT service management processes.
One of the vulnerabilities affecting multiple Micro Focus products is CVE-2020-11853. This vulnerability allows an attacker to execute arbitrary code on the affected system or execute a denial-of-service (DoS) attack. The vulnerability is caused by improper validation of user-supplied input by affected software components.
Arbitrary code execution vulnerability affecting multiple Micro Focus products.
- Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions.
- Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3
- Data Center Automation affected version 2019.11
- Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11
- Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30
- Hybrid Cloud Management affecting version 2020.05
- Service Management Automation affecting version 2020.5 and 2020.02.
Exploiting this vulnerability could lead to serious consequences, such as unauthorized access to sensitive data or taking over control of the affected system. This could lead to system downtime, data loss, and reputational damage. The risk of exploitation is high, especially when combined with other vulnerabilities or attack techniques.
Thanks to the pro features of the s4e.io platform, readers can easily and quickly learn about vulnerabilities in their digital assets. The platform provides detailed vulnerability reports, severity ratings, and recommended actions to take to mitigate the risks. Users can also receive timely alerts and notifications on newly discovered vulnerabilities, reducing the time needed to respond and remediate the issues.
REFERENCES