Strix
26.1K

CVE-2020-11854

CRITICALCVSS 9.8/10EPSS 74.23%

Last modified

CVE-2020-11854 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. EPSS estimates a 74.23% chance of exploitation in the next 30 days.

Description

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
74.23%

99.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
MicrofocusApplication Performance Management9.50
MicrofocusApplication Performance Management9.51
MicrofocusOperations Bridge2017.11
MicrofocusOperations Bridge2018.02
MicrofocusOperations Bridge2018.05
MicrofocusOperations Bridge2018.08
MicrofocusOperations Bridge2018.11
MicrofocusOperations Bridge2019.05
MicrofocusOperations Bridge2019.08
MicrofocusOperations Bridge2020.05
MicrofocusOperations Bridge Manager<= 10.10
MicrofocusOperations Bridge Manager10.11
MicrofocusOperations Bridge Manager10.12
MicrofocusOperations Bridge Manager10.60
MicrofocusOperations Bridge Manager10.61
MicrofocusOperations Bridge Manager10.62
MicrofocusOperations Bridge Manager10.63
MicrofocusOperations Bridge Manager2018.05
MicrofocusOperations Bridge Manager2018.11
MicrofocusOperations Bridge Manager2019.05
MicrofocusOperations Bridge Manager2019.11
MicrofocusOperations Bridge Manager2020.05
MicrofocusApplication Performance Management9.40

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-11854?
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.
How severe is CVE-2020-11854?
CVE-2020-11854 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 74.23% probability of exploitation in the next 30 days.
How do I fix CVE-2020-11854?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-11854?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST