CVE-2020-11844
Incorrect Authorization vulnerability in the Micro Focus Container Deployment Foundation affecting multiple products.
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
La vulnerabilidad de la autorización incorrecta en el componente Micro Focus Container Deployment Foundation afecta a los productos: Hybrid Cloud Management. desde la versión 2018.05 hasta 2019.11. - ArcSight Investigate. versiones 2.4.0, 3.0.0 y 3.1.0. - ArcSight Transformation Hub. versiones 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. versión 6.0.0. - ArcSight ESM (cuando se instala ArcSight Fusion 1.0). versión 7.2.1. - Service Management Automation (SMA). desde la versión 2018.05 hasta 2020.02 - Operation Bridge Suite (Containerized). desde la versión 2018.05 hasta 2020.02. - Network Operation Management. desde la versión 2017.11 hasta 2019.11. - Data Center Automation Containerized. desde la versión 2018.05 hasta 2019.11. La vulnerabilidad podría ser explotada para proporcionar acceso no autorizado al Container Deployment Foundation
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-04-16 CVE Reserved
- 2020-05-29 CVE Published
- 2024-05-05 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03645628 | X_refsource_confirm | |
| https://softwaresupport.softwaregrp.com/doc/KM03645629 | X_refsource_confirm | |
| https://softwaresupport.softwaregrp.com/doc/KM03645630 | X_refsource_confirm | |
| https://softwaresupport.softwaregrp.com/doc/KM03645631 | X_refsource_confirm | |
| https://softwaresupport.softwaregrp.com/doc/KM03645636 | X_refsource_confirm | |
| https://softwaresupport.softwaregrp.com/doc/KM03645642 | X_refsource_confirm | |
| https://support.microfocus.com/kb/doc.php?id=7024637 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microfocus Search vendor "Microfocus" | Service Management Automation Search vendor "Microfocus" for product "Service Management Automation" | 2018.05 Search vendor "Microfocus" for product "Service Management Automation" and version "2018.05" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Service Management Automation Search vendor "Microfocus" for product "Service Management Automation" | 2018.08 Search vendor "Microfocus" for product "Service Management Automation" and version "2018.08" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Service Management Automation Search vendor "Microfocus" for product "Service Management Automation" | 2018.11 Search vendor "Microfocus" for product "Service Management Automation" and version "2018.11" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Service Management Automation Search vendor "Microfocus" for product "Service Management Automation" | 2019.02 Search vendor "Microfocus" for product "Service Management Automation" and version "2019.02" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Service Management Automation Search vendor "Microfocus" for product "Service Management Automation" | 2019.05 Search vendor "Microfocus" for product "Service Management Automation" and version "2019.05" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Service Management Automation Search vendor "Microfocus" for product "Service Management Automation" | 2019.08 Search vendor "Microfocus" for product "Service Management Automation" and version "2019.08" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Service Management Automation Search vendor "Microfocus" for product "Service Management Automation" | 2019.11 Search vendor "Microfocus" for product "Service Management Automation" and version "2019.11" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Service Management Automation Search vendor "Microfocus" for product "Service Management Automation" | 2020.02 Search vendor "Microfocus" for product "Service Management Automation" and version "2020.02" | - |
Affected
| ||||||