RULE(RULE ID:332438)

Rule General Information
Release Date: 2021-01-28
Rule Name: Micro Focus UCMDB Remote Code Execution Vulnerability (CVE-2020-11854)
Severity:
CVE ID:
Rule Protection Details
Description: Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.
Impact: An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software.
Affected OS: Windows, Linux, Others
Reference: https://softwaresupport.softwaregrp.com/doc/KM03747657
https://softwaresupport.softwaregrp.com/doc/KM03747658
https://softwaresupport.softwaregrp.com/doc/KM03747854
ZeroDayInitiative:ZDI-20-1287
Solutions
The vendors have released upgrade patches to fix vulnerabilities, please visit:
https://softwaresupport.softwaregrp.com/doc/KM03747657