CVE-2020-11844

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://softwaresupport.softwaregrp.com/doc/KM03645628
https://softwaresupport.softwaregrp.com/doc/KM03645629
https://softwaresupport.softwaregrp.com/doc/KM03645630
https://softwaresupport.softwaregrp.com/doc/KM03645631
https://softwaresupport.softwaregrp.com/doc/KM03645636
https://softwaresupport.softwaregrp.com/doc/KM03645642
https://support.microfocus.com/kb/doc.php?id=7024637

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microfocus:service_management_automation:2018.05:::::::*
	cpe:2.3:a:microfocus:service_management_automation:2018.08:::::::*
	cpe:2.3:a:microfocus:service_management_automation:2018.11:::::::*
	cpe:2.3:a:microfocus:service_management_automation:2019.02:::::::*
	cpe:2.3:a:microfocus:service_management_automation:2019.05:::::::*
	cpe:2.3:a:microfocus:service_management_automation:2019.08:::::::*
	cpe:2.3:a:microfocus:service_management_automation:2019.11:::::::*
	cpe:2.3:a:microfocus:service_management_automation:2020.02:::::::*

History

07 Nov 2023, 03:15

Type	Values Removed	Values Added
References	~~(CONFIRM) https://softwaresupport.softwaregrp.com/doc/KM03645631 - Vendor Advisory~~	() https://softwaresupport.softwaregrp.com/doc/KM03645631 -
References	~~(CONFIRM) https://softwaresupport.softwaregrp.com/doc/KM03645636 -~~	() https://softwaresupport.softwaregrp.com/doc/KM03645636 -
References	~~(CONFIRM) https://softwaresupport.softwaregrp.com/doc/KM03645642 -~~	() https://softwaresupport.softwaregrp.com/doc/KM03645642 -
References	~~(CONFIRM) https://softwaresupport.softwaregrp.com/doc/KM03645629 -~~	() https://softwaresupport.softwaregrp.com/doc/KM03645629 -
References	~~(CONFIRM) https://support.microfocus.com/kb/doc.php?id=7024637 -~~	() https://support.microfocus.com/kb/doc.php?id=7024637 -
References	~~(CONFIRM) https://softwaresupport.softwaregrp.com/doc/KM03645630 -~~	() https://softwaresupport.softwaregrp.com/doc/KM03645630 -
References	~~(CONFIRM) https://softwaresupport.softwaregrp.com/doc/KM03645628 -~~	() https://softwaresupport.softwaregrp.com/doc/KM03645628 -

Information

Published : 2020-05-29 22:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-11844

Mitre link : CVE-2020-11844

CVE.ORG link : CVE-2020-11844

JSON object : View

Products Affected

microfocus

service_management_automation

CWE

CWE-863

Incorrect Authorization

9.8 /10