CVE-2020-11858
Code execution with escalated privilegesn vlnerability in Operation bridge Manager and Operations Bridge (containerized) products.
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges.
Una ejecución de código con una vulnerabilidad de privilegios escalados en los productos Micro Focus Operation Bridge Manager y Operation Bridge (en contenedores). La vulnerabilidad afecta: 1.) Operation Bridge Manager versiones: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 y todas las versiones anteriores. 2.) Operations Bridge (en contenedores) versiones: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 y 2017.11. La vulnerabilidad podría permitir a atacantes locales ejecutar código con privilegios escalados
This vulnerability allows local attackers to escalate privileges on affected installations of Micro Focus Operations Bridge Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the product installer. The issue results from incorrect permissions set on the installation directory. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-04-16 CVE Reserved
- 2020-10-27 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/161411/Micro-Focus-Operations-Bridge-Manager-Local-Privilege-Escalation.html | X_refsource_misc |
|
| https://softwaresupport.softwaregrp.com/doc/KM03747658 | X_refsource_misc | |
| https://softwaresupport.softwaregrp.com/doc/KM03747854 | X_refsource_misc | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-1326 | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microfocus Search vendor "Microfocus" | Operations Bridge Search vendor "Microfocus" for product "Operations Bridge" | 2017.11 Search vendor "Microfocus" for product "Operations Bridge" and version "2017.11" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Search vendor "Microfocus" for product "Operations Bridge" | 2018.02 Search vendor "Microfocus" for product "Operations Bridge" and version "2018.02" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Search vendor "Microfocus" for product "Operations Bridge" | 2018.05 Search vendor "Microfocus" for product "Operations Bridge" and version "2018.05" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Search vendor "Microfocus" for product "Operations Bridge" | 2018.08 Search vendor "Microfocus" for product "Operations Bridge" and version "2018.08" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Search vendor "Microfocus" for product "Operations Bridge" | 2018.11 Search vendor "Microfocus" for product "Operations Bridge" and version "2018.11" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Search vendor "Microfocus" for product "Operations Bridge" | 2019.05 Search vendor "Microfocus" for product "Operations Bridge" and version "2019.05" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Search vendor "Microfocus" for product "Operations Bridge" | 2019.08 Search vendor "Microfocus" for product "Operations Bridge" and version "2019.08" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Search vendor "Microfocus" for product "Operations Bridge" | 2020.05 Search vendor "Microfocus" for product "Operations Bridge" and version "2020.05" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Manager Search vendor "Microfocus" for product "Operations Bridge Manager" | <= 10.10 Search vendor "Microfocus" for product "Operations Bridge Manager" and version " <= 10.10" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Manager Search vendor "Microfocus" for product "Operations Bridge Manager" | 10.11 Search vendor "Microfocus" for product "Operations Bridge Manager" and version "10.11" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Manager Search vendor "Microfocus" for product "Operations Bridge Manager" | 10.12 Search vendor "Microfocus" for product "Operations Bridge Manager" and version "10.12" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Manager Search vendor "Microfocus" for product "Operations Bridge Manager" | 10.60 Search vendor "Microfocus" for product "Operations Bridge Manager" and version "10.60" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Manager Search vendor "Microfocus" for product "Operations Bridge Manager" | 10.61 Search vendor "Microfocus" for product "Operations Bridge Manager" and version "10.61" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Manager Search vendor "Microfocus" for product "Operations Bridge Manager" | 10.62 Search vendor "Microfocus" for product "Operations Bridge Manager" and version "10.62" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Manager Search vendor "Microfocus" for product "Operations Bridge Manager" | 10.63 Search vendor "Microfocus" for product "Operations Bridge Manager" and version "10.63" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Manager Search vendor "Microfocus" for product "Operations Bridge Manager" | 2018.05 Search vendor "Microfocus" for product "Operations Bridge Manager" and version "2018.05" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Manager Search vendor "Microfocus" for product "Operations Bridge Manager" | 2018.11 Search vendor "Microfocus" for product "Operations Bridge Manager" and version "2018.11" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Manager Search vendor "Microfocus" for product "Operations Bridge Manager" | 2019.05 Search vendor "Microfocus" for product "Operations Bridge Manager" and version "2019.05" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Manager Search vendor "Microfocus" for product "Operations Bridge Manager" | 2019.11 Search vendor "Microfocus" for product "Operations Bridge Manager" and version "2019.11" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Operations Bridge Manager Search vendor "Microfocus" for product "Operations Bridge Manager" | 2020.05 Search vendor "Microfocus" for product "Operations Bridge Manager" and version "2020.05" | - |
Affected
| ||||||