
Micro Focus OBM - Authentication Bypass (CVE-2020-11853)

Severity (CVSSv3 score)
8.8
Vulnerability description

Micro Focus OBM is affected by an authentication bypass vulnerability in the /ucmdb-ui/cms/loginRequest.do endpoint. The root cause is the use of hard-coded credentials for the diagnostics user.

Risk description

A remote authenticated attacker can achieve remote code execution through insecure Java deserialization and compromise the server, enabling them to steal sensitive information, install ransomware, or pivot into the internal network.

Recommendation

Upgrade Micro Focus OBM to version 20.10 or later, or apply the hotfixes specified in the vendor advisory.

Codename
Not available
Detectable with
Network Scanner
Exploitable with Sniper
No
Vuln date
Oct 2020
Software Type
Monitoring system
Vendor
Micro Focus
Product
Operations Bridge Manager