⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2020-11854Hard-coded Credentials in Focus Operation Bridge Manager

CWE-798Hard-coded CredentialsCWE-287Improper Authentication7 documents5 sources
Severity
9.8CRITICALNVD
EPSS
92.4%
top 0.27%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
6
Micro Focus Operation Bridge ManagerMicrofocus Operations Bridge ManagerMicro Focus Application Performance Management+3 more
Timeline
PublishedOct 27
Latest updateMay 24

Description

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

CVEListV5micro_focus/operation_bridge_managerunspecified10.10+11
CVEListV5micro_focus/operation_bridge8 versions+7

🔴Vulnerability Details

3
GHSA
GHSA-g58f-4539-9qhg: Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerabil2022-05-24
CVEList
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.2020-10-27
VulnCheck
Micro Focus application_performance_management Use of Hard-coded Credentials2020

💥Exploits & PoCs

3
Nuclei
Micro Focus Checks
Nuclei
Micro Focus Universal CMDB Default Login
Nuclei
Micro Focus UCMDB - Remote Code Execution
CVE-2020-11854 — Hard-coded Credentials | cvebase