Vulnerability CVE-2020-11856
Published: 2020-09-22

Description:
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.

Type:

CWE-862

 (Missing Authorization)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Microfocus -> Operation bridge reporter 

 References:
https://softwaresupport.softwaregrp.com/doc/KM03710590
https://www.zerodayinitiative.com/advisories/ZDI-20-1216/
Copyright 2024, cxsecurity.com

 

Back to Top