Incorrect Authorization vulnerability in the Micro Focus Container Deployment Foundation affecting multiple products.
CVE-2020-11844

10CRITICAL

Key Information:

Vendor

Micro Focus

Status
Hybrid Cloud Management
Arcsight Investigate. Versions
Arcsight Transformation Hub
Arcsight Interset
Vendor
CVE Published:
29 May 2020

Badges

👾 Exploit Exists

What is CVE-2020-11844?

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.

Affected Version(s)

Operation Bridge Suite (Containerized) 2018.05

Operation Bridge Suite (Containerized) 2018.08

Operation Bridge Suite (Containerized) 2018.11

References

https://softwaresupport.softwaregrp.com/doc/KM03645636
x_refsource_CONFIRM
https://softwaresupport.softwaregrp.com/doc/KM03645642
x_refsource_CONFIRM
https://softwaresupport.softwaregrp.com/doc/KM03645631
x_refsource_CONFIRM

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.