CVE-2020-11853

Published: Oct 22, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.

Vendor	Product	Versions
Micro Focus	Operation Bridge Manager	affected `2020.5` affected `2019.11` affected `2019.05` affected `2018.11` affected `2018.05` +1 more versions
Micro Focus	Application Performance Management	affected `9.51` affected `9.50` affected `9.40`
Micro Focus	Data Center Automation	affected `2019.11`
Micro Focus	Operations Bridge (containerized)	affected `2019.11` affected `2019.08` affected `2019.05` affected `2018.11` affected `2018.08` +3 more versions
Micro Focus	Universal CMDB	affected `2020.05` affected `2019.11` affected `2019.05` affected `2019.02` affected `2018.11` +7 more versions
Micro Focus	Hybrid Cloud Management	affected `2018.05 - <= 2020.05`
Micro Focus	Service Management Automation	affected `2020.05` affected `2020.02`