Micro Focus OBM - Authentication Bypass (CVE-2020-11853)
- Severity (CVSSv3 Score): 8.8
- Vulnerability description
Micro Focus OBM is affected by an authentication bypass vulnerability in the /ucmdb-ui/cms/loginRequest.do endpoint. The root cause is a hard-coded credential for the diagnostics user: anyone who knows that credential can authenticate to the endpoint without holding a legitimate account.
- Risk description
An attacker who authenticates with the hard-coded diagnostics credential gains the position of a remote authenticated user and can then exploit insecure Java deserialization to achieve Remote Code Execution, compromising the server in order to steal sensitive information, install ransomware, or pivot into the internal network.
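The following is an added example (not code from this page, from the advisory authors, or from Micro Focus) of the kind of single-request check a network scanner runs for this finding: it posts a supplied username/password pair to the /ucmdb-ui/cms/loginRequest.do endpoint named above and reports whether the login was accepted. The form field names (userName, password), the success/failure heuristics in classify(), and the cookie/redirect behaviour are assumptions that must be confirmed against a real installation; the hard-coded password itself is not reproduced here and has to come from the vendor advisory or your own inventory.

```python
"""Default-credential check for the OBM/UCMDB login endpoint named in the
advisory (/ucmdb-ui/cms/loginRequest.do).

Added example, not code from the page or from Micro Focus. The form field
names, the success/failure heuristics and the credential values are
ASSUMPTIONS to confirm against a real installation; the password is not
given here and must come from the vendor advisory or your own inventory."""
import ssl
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass, field

LOGIN_PATH = "/ucmdb-ui/cms/loginRequest.do"  # endpoint named in the advisory
# ASSUMPTION: substrings that mark a rejected login in the response body.
FAILURE_MARKERS = ("invalid", "incorrect", "login failed", "error")


@dataclass
class LoginResult:
    """Minimal view of the HTTP response; header names are lower-cased."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of following them, so a redirect to the
    post-login UI stays visible to classify()."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def build_request(base_url: str, username: str, password: str) -> urllib.request.Request:
    """Build the POST a scanner would send to the login endpoint.
    ASSUMPTION: the form fields are called userName and password."""
    form = urllib.parse.urlencode({"userName": username, "password": password}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + LOGIN_PATH,
        data=form,
        method="POST",
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
            "User-Agent": "obm-default-credential-check/1.0",
        },
    )


def send(req: urllib.request.Request, timeout: float = 10.0, verify_tls: bool = True) -> LoginResult:
    """Send the request and normalise the answer; 3xx/4xx/5xx are returned, not raised."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # lab appliances frequently run with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    opener = urllib.request.build_opener(_NoRedirect(), urllib.request.HTTPSHandler(context=ctx))
    try:
        with opener.open(req, timeout=timeout) as resp:
            return LoginResult(resp.status, {k.lower(): v for k, v in resp.headers.items()},
                               resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # 3xx (because of _NoRedirect) and 4xx/5xx land here
        return LoginResult(err.code, {k.lower(): v for k, v in err.headers.items()},
                           err.read().decode("utf-8", "replace"))


def classify(result: LoginResult) -> bool:
    """Heuristic: did the endpoint accept the credentials?
    ASSUMPTION: a redirect away from the login page, or a 200 that sets a
    session cookie and carries no failure marker, means the login succeeded."""
    location = result.headers.get("location", "").lower()
    cookie = result.headers.get("set-cookie", "")
    body = result.body.lower()
    if result.status in (301, 302, 303, 307, 308):
        return "login" not in location and "error" not in location
    if result.status == 200:
        return bool(cookie) and not any(marker in body for marker in FAILURE_MARKERS)
    return False


def check_default_credentials(base_url: str, username: str = "diagnostics",
                              password: str = "", **kw) -> bool:
    """True if the target accepts the supplied credential pair for the
    diagnostics user; a hotfixed/upgraded host should reject it."""
    return classify(send(build_request(base_url, username, password), **kw))


if __name__ == "__main__":
    import sys
    # usage: python check.py https://obm.example.internal <password-from-vendor-advisory>
    url, pw = sys.argv[1], sys.argv[2]
    print("accepted" if check_default_credentials(url, password=pw, verify_tls=False) else "rejected")
```

The check sends exactly one POST per target, so it is safe against lockout policies, but it is still an authentication attempt: run it only against systems you are authorised to test, and treat a positive result as "credential accepted", not as proof of the full deserialization chain.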
- Recommendation
Upgrade Micro Focus OBM to version 20.10 or later, or apply the hotfixes specified in the vendor advisory listed under References.
- References
https://nvd.nist.gov/vuln/detail/CVE-2020-11853
https://marketplace.microfocus.com/itom/content/operations-bridge-manager-obm-2020-05-hotfixes
- Codename: Not available
- Detectable with: Network Scanner
- Exploitable with Sniper: No
- Vuln date: Oct 2020
- Published at:
- Updated at:
- Software Type: Monitoring system
- Vendor: Micro Focus
- Product: Operations Bridge Manager