Search criteria
4 vulnerabilities found for service_manager_automation by microfocus
CVE-2020-11853 (GCVE-0-2020-11853)
Vulnerability from nvd – Published: 2020-10-22 20:37 – Updated: 2024-08-04 11:42
VLAI?
Title
Arbitrary code execution vulnerability on multiple Micro Focus products
Summary
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
Severity ?
8.8 (High)
CWE
- Arbitrary code execution
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Micro Focus | Operation Bridge Manager |
Affected:
2020.5
Affected: 2019.11 Affected: 2019.05 Affected: 2018.11 Affected: 2018.05 Affected: unspecified , ≤ 10.63 (custom) |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operation Bridge Manager ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.5"
},
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.05"
},
{
"lessThanOrEqual": "10.63",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Application Performance Management ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.40"
}
]
},
{
"product": "Data Center Automation",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2019.11"
}
]
},
{
"product": "Operations Bridge (containerized)",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.08"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.08"
},
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "2018.02"
},
{
"status": "affected",
"version": "2017.11"
}
]
},
{
"product": "Universal CMDB ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.05"
},
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2019.02"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.08"
},
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "10.33"
},
{
"status": "affected",
"version": "10.32"
},
{
"status": "affected",
"version": "10.31"
},
{
"status": "affected",
"version": "10.30"
}
]
},
{
"product": "Hybrid Cloud Management",
"vendor": "Micro Focus ",
"versions": [
{
"lessThanOrEqual": "2020.05",
"status": "affected",
"version": "2018.05",
"versionType": "custom"
}
]
},
{
"product": "Service Management Automation ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.05"
},
{
"status": "affected",
"version": "2020.02"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability. "
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
}
],
"exploits": [
{
"lang": "en",
"value": "Arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-10T16:06:12",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
],
"solutions": [
{
"lang": "en",
"value": "For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658\nFor Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657\nFor Data Center Automation https://softwaresupport.softwaregrp.com/doc/KM03749879\nFor Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03747949\nFor Universal CMDB https://softwaresupport.softwaregrp.com/doc/KM03747948\nFor Service Management Automation https://softwaresupport.softwaregrp.com/doc/KM03747950"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary code execution vulnerability on multiple Micro Focus products ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11853",
"STATE": "PUBLIC",
"TITLE": "Arbitrary code execution vulnerability on multiple Micro Focus products "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operation Bridge Manager ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.5"
},
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "\u003c=",
"version_value": "10.63"
}
]
}
},
{
"product_name": "Application Performance Management ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.51"
},
{
"version_affected": "=",
"version_value": "9.50"
},
{
"version_affected": "=",
"version_value": "9.40"
}
]
}
},
{
"product_name": "Data Center Automation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2019.11"
}
]
}
},
{
"product_name": "Operations Bridge (containerized)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.08"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.08"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "=",
"version_value": "2018.02"
},
{
"version_affected": "=",
"version_value": "2017.11"
}
]
}
},
{
"product_name": "Universal CMDB ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.05"
},
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2019.02"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.08"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "=",
"version_value": "11.0"
},
{
"version_affected": "=",
"version_value": "10.33"
},
{
"version_affected": "=",
"version_value": "10.32"
},
{
"version_affected": "=",
"version_value": "10.31"
},
{
"version_affected": "=",
"version_value": "10.30"
}
]
}
},
{
"product_name": "Hybrid Cloud Management",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2018.05",
"version_value": "2020.05"
}
]
}
},
{
"product_name": "Service Management Automation ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.05"
},
{
"version_affected": "=",
"version_value": "2020.02"
}
]
}
}
]
},
"vendor_name": "Micro Focus "
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Arbitrary code execution."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747658",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747657",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747854",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03749879",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747949",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747948",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747950",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"name": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658\nFor Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657\nFor Data Center Automation https://softwaresupport.softwaregrp.com/doc/KM03749879\nFor Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03747949\nFor Universal CMDB https://softwaresupport.softwaregrp.com/doc/KM03747948\nFor Service Management Automation https://softwaresupport.softwaregrp.com/doc/KM03747950"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11853",
"datePublished": "2020-10-22T20:37:51",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9521 (GCVE-0-2020-9521)
Vulnerability from nvd – Published: 2020-03-26 14:21 – Updated: 2024-08-04 10:34
VLAI?
Summary
An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.
Severity ?
No CVSS data available.
CWE
- SQL injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus International | Micro Focus - Service Manager Automation (SMA) |
Affected:
2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus - Service Manager Automation (SMA)",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:31",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus - Service Manager Automation (SMA)",
"version": {
"version_data": [
{
"version_value": "2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03630615",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9521",
"datePublished": "2020-03-26T14:21:41",
"dateReserved": "2020-03-01T00:00:00",
"dateUpdated": "2024-08-04T10:34:38.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11853 (GCVE-0-2020-11853)
Vulnerability from cvelistv5 – Published: 2020-10-22 20:37 – Updated: 2024-08-04 11:42
VLAI?
Title
Arbitrary code execution vulnerability on multiple Micro Focus products
Summary
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
Severity ?
8.8 (High)
CWE
- Arbitrary code execution
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Micro Focus | Operation Bridge Manager |
Affected:
2020.5
Affected: 2019.11 Affected: 2019.05 Affected: 2018.11 Affected: 2018.05 Affected: unspecified , ≤ 10.63 (custom) |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operation Bridge Manager ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.5"
},
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.05"
},
{
"lessThanOrEqual": "10.63",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Application Performance Management ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.40"
}
]
},
{
"product": "Data Center Automation",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2019.11"
}
]
},
{
"product": "Operations Bridge (containerized)",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.08"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.08"
},
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "2018.02"
},
{
"status": "affected",
"version": "2017.11"
}
]
},
{
"product": "Universal CMDB ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.05"
},
{
"status": "affected",
"version": "2019.11"
},
{
"status": "affected",
"version": "2019.05"
},
{
"status": "affected",
"version": "2019.02"
},
{
"status": "affected",
"version": "2018.11"
},
{
"status": "affected",
"version": "2018.08"
},
{
"status": "affected",
"version": "2018.05"
},
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "10.33"
},
{
"status": "affected",
"version": "10.32"
},
{
"status": "affected",
"version": "10.31"
},
{
"status": "affected",
"version": "10.30"
}
]
},
{
"product": "Hybrid Cloud Management",
"vendor": "Micro Focus ",
"versions": [
{
"lessThanOrEqual": "2020.05",
"status": "affected",
"version": "2018.05",
"versionType": "custom"
}
]
},
{
"product": "Service Management Automation ",
"vendor": "Micro Focus ",
"versions": [
{
"status": "affected",
"version": "2020.05"
},
{
"status": "affected",
"version": "2020.02"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability. "
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
}
],
"exploits": [
{
"lang": "en",
"value": "Arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-10T16:06:12",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
],
"solutions": [
{
"lang": "en",
"value": "For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658\nFor Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657\nFor Data Center Automation https://softwaresupport.softwaregrp.com/doc/KM03749879\nFor Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03747949\nFor Universal CMDB https://softwaresupport.softwaregrp.com/doc/KM03747948\nFor Service Management Automation https://softwaresupport.softwaregrp.com/doc/KM03747950"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary code execution vulnerability on multiple Micro Focus products ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11853",
"STATE": "PUBLIC",
"TITLE": "Arbitrary code execution vulnerability on multiple Micro Focus products "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operation Bridge Manager ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.5"
},
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "\u003c=",
"version_value": "10.63"
}
]
}
},
{
"product_name": "Application Performance Management ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.51"
},
{
"version_affected": "=",
"version_value": "9.50"
},
{
"version_affected": "=",
"version_value": "9.40"
}
]
}
},
{
"product_name": "Data Center Automation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2019.11"
}
]
}
},
{
"product_name": "Operations Bridge (containerized)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.08"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.08"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "=",
"version_value": "2018.02"
},
{
"version_affected": "=",
"version_value": "2017.11"
}
]
}
},
{
"product_name": "Universal CMDB ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.05"
},
{
"version_affected": "=",
"version_value": "2019.11"
},
{
"version_affected": "=",
"version_value": "2019.05"
},
{
"version_affected": "=",
"version_value": "2019.02"
},
{
"version_affected": "=",
"version_value": "2018.11"
},
{
"version_affected": "=",
"version_value": "2018.08"
},
{
"version_affected": "=",
"version_value": "2018.05"
},
{
"version_affected": "=",
"version_value": "11.0"
},
{
"version_affected": "=",
"version_value": "10.33"
},
{
"version_affected": "=",
"version_value": "10.32"
},
{
"version_affected": "=",
"version_value": "10.31"
},
{
"version_affected": "=",
"version_value": "10.30"
}
]
}
},
{
"product_name": "Hybrid Cloud Management",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2018.05",
"version_value": "2020.05"
}
]
}
},
{
"product_name": "Service Management Automation ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.05"
},
{
"version_affected": "=",
"version_value": "2020.02"
}
]
}
}
]
},
"vendor_name": "Micro Focus "
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Pedro Ribeiro from Agile Information Security working with Trend Micro Zero Day Initiative for discovering and reporting the vulnerability. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Arbitrary code execution."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747658",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747658"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747657",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747657"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747854",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747854"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03749879",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03749879"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747949",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747949"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747948",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747948"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03747950",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03747950"
},
{
"name": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "For Operation Bridge Manager https://softwaresupport.softwaregrp.com/doc/KM03747658\nFor Application Performance Management https://softwaresupport.softwaregrp.com/doc/KM03747657\nFor Data Center Automation https://softwaresupport.softwaregrp.com/doc/KM03749879\nFor Operation Bridge (containerized) https://softwaresupport.softwaregrp.com/doc/KM03747854\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03747949\nFor Universal CMDB https://softwaresupport.softwaregrp.com/doc/KM03747948\nFor Service Management Automation https://softwaresupport.softwaregrp.com/doc/KM03747950"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11853",
"datePublished": "2020-10-22T20:37:51",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9521 (GCVE-0-2020-9521)
Vulnerability from cvelistv5 – Published: 2020-03-26 14:21 – Updated: 2024-08-04 10:34
VLAI?
Summary
An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.
Severity ?
No CVSS data available.
CWE
- SQL injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus International | Micro Focus - Service Manager Automation (SMA) |
Affected:
2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus - Service Manager Automation (SMA)",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:31",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus - Service Manager Automation (SMA)",
"version": {
"version_data": [
{
"version_value": "2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03630615",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9521",
"datePublished": "2020-03-26T14:21:41",
"dateReserved": "2020-03-01T00:00:00",
"dateUpdated": "2024-08-04T10:34:38.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}