CVE-2020-11844
Published May 29, 2020
Last updated a year ago
Overview
- Description
- Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
- Source
- security@opentext.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3909E337-F1FC-45C8-A120-EEBDBFB0E4D0"
},
{
"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.08:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "934D6CB3-E159-40F4-8E5B-CDDDD824CAA0"
},
{
"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82C0FD9D-6117-40DE-9386-7327867F9615"
},
{
"criteria": "cpe:2.3:a:microfocus:service_management_automation:2019.02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8CEF7C73-7A74-4CAE-B420-F1BB011CEA30"
},
{
"criteria": "cpe:2.3:a:microfocus:service_management_automation:2019.05:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "19C9AB03-FAC2-4150-BC35-37128DA918C8"
},
{
"criteria": "cpe:2.3:a:microfocus:service_management_automation:2019.08:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF6D712E-A7E4-4ACD-83D9-FF173C69381C"
},
{
"criteria": "cpe:2.3:a:microfocus:service_management_automation:2019.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CBD8E09D-599D-4F8E-8221-C034BF0A70E6"
},
{
"criteria": "cpe:2.3:a:microfocus:service_management_automation:2020.02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65EF7382-2760-4C01-8731-D5D8DDF3A47E"
}
],
"operator": "OR"
}
]
}
]