CVE-2020-11844 — Incorrect Authorization in Focus Hybrid Cloud Management

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

9.8CRITICALNVD

CNA10.0

EPSS

1.0%

top 22.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Micro Focus Hybrid Cloud Management Micro Focus Network Operation Management Micro Focus Arcsight ESM When Arcsight Fusion +8 more

Timeline

PublishedMay 29

Latest updateMay 24

Description

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages11 packages

▶CVEListV5micro_focus/arcsight_investigate_versions2.4.0, 3.0.0, 3.1.0+2

▶CVEListV5micro_focus/identity_intelligence_versions1.1.0

▶CVEListV5micro_focus/data_center_automation_containerized7 versions+6

▶CVEListV5micro_focus/network_operation_management2017.11 — 2019.11

▶CVEListV5micro_focus/arcsight_interset6.0.0

🔴Vulnerability Details

GHSA

GHSA-99j9-w4cp-4529: There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018↗2022-05-24

▶

CVEList

Incorrect Authorization vulnerability in the Micro Focus Container Deployment Foundation affecting multiple products.↗2020-05-29

▶