CVSS: 10.0EPSS: 11%CPEs: 1EXPL: 0CVE-2020-11856 – Micro Focus Operations Bridge Reporter JMX Missing Authentication Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-11856
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR. Una vulnerabilidad de ejecución de código arbitraria en Micro Focus Operation Bridge Reporter, afectando a la versión 10.40 y anteriores. La vulnerabilidad podría permitir a atacantes remotos ejecutar código arbitrario en las instalaciones afectadas de OBR This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the JMX remote interface. • https://softwaresupport.softwaregrp.com/doc/KM03710590 https://www.zerodayinitiative.com/advisories/ZDI-20-1216 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2020-11857 – Micro Focus Operations Bridge Reporter shrboadmin Use of Hard-coded Credentials Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-11857
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user Una vulnerabilidad de Omisión de Autorización en Micro Focus Operation Bridge Reporter, afectando a versiones 10.40 y anteriores. La vulnerabilidad podría permitir a atacantes remotos acceder al host de OBR como un usuario no administrador This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the creation of the shrboadmin user during installation. The product contains a hard-coded password for this account. • http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html https://softwaresupport.softwaregrp.com/doc/KM03710590 https://www.zerodayinitiative.com/advisories/ZDI-20-1215 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11855 – Micro Focus Operations Bridge Reporter HPE-OBR Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-11855
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges. Una vulnerabilidad de Omisión de Autorización en Micro Focus Operation Bridge Reporter, afectando a versiones 10.40 y anteriores. La vulnerabilidad podría permitir a atacantes locales en el host OBR ejecutar código con privilegios escalados This vulnerability allows local attackers to escalate privileges on affected installations of Micro Focus Operations Bridge Reporter. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product's installer. • https://softwaresupport.softwaregrp.com/doc/KM03710590 https://www.zerodayinitiative.com/advisories/ZDI-20-1217 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11861
https://notcve.org/view.php?id=CVE-2020-11861
Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. Una vulnerabilidad de escalada de privilegios local no autorizada en Micro Focus Operation Agent, que afecta a todas las versiones anteriores a la versión 12.11. La vulnerabilidad podría ser explotada para escalar los privilegios locales y conseguir acceso root en el sistema • https://softwaresupport.softwaregrp.com/doc/KM03709900 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11848
https://notcve.org/view.php?id=CVE-2020-11848
Denial of service vulnerability on Micro Focus ArcSight Management Center. Affecting all versions prior to version 2.9.5. The vulnerability could cause the server to become unavailable, causing a denial of service. Vulnerabilidad de Denegación de Servicio en Micro Focus ArcSight Management Center. Afectando a todas las versiones anteriores a 2.9.5. • https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-9-5-Release-Notes/ta-p/2814648 •