Strix
26.1K

CVE-2020-11858

HIGHCVSS 7.8/10EPSS 2.69%

Last modified

CVE-2020-11858 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. EPSS estimates a 2.69% chance of exploitation in the next 30 days.

Description

Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
2.69%

83.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
MicrofocusOperations Bridge2017.11
MicrofocusOperations Bridge2018.02
MicrofocusOperations Bridge2018.05
MicrofocusOperations Bridge2018.08
MicrofocusOperations Bridge2018.11
MicrofocusOperations Bridge2019.05
MicrofocusOperations Bridge2019.08
MicrofocusOperations Bridge2020.05
MicrofocusOperations Bridge Manager<= 10.10
MicrofocusOperations Bridge Manager10.11
MicrofocusOperations Bridge Manager10.12
MicrofocusOperations Bridge Manager10.60
MicrofocusOperations Bridge Manager10.61
MicrofocusOperations Bridge Manager10.62
MicrofocusOperations Bridge Manager10.63
MicrofocusOperations Bridge Manager2018.05
MicrofocusOperations Bridge Manager2018.11
MicrofocusOperations Bridge Manager2019.05
MicrofocusOperations Bridge Manager2019.11
MicrofocusOperations Bridge Manager2020.05

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-11858?
Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges.
How severe is CVE-2020-11858?
CVE-2020-11858 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 2.69% probability of exploitation in the next 30 days.
How do I fix CVE-2020-11858?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-11858?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST