virus logo Intrusion Prevention

Micro.Focus.OBM.Remote.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit an Insecure Deserialization Vulnerability in Micro Focus Operation Bridge Manager.
A remote, authenticated attacker can exploit this vulnerability by uploading an craft serialized java object to the vulnerable . Successful exploitation results in the execution of arbitrary code within the context of the application.

affected-products-logoAffected Products

Micro Focus Operation Bridge Manager version 10.12 and prior
Micro Focus Operation Bridge Manager version 10.60 to version 10.63
Micro Focus Operation Bridge Manager 2017.11
Micro Focus Operation Bridge Manager 2018.02
Micro Focus Operation Bridge Manager 2018.05
Micro Focus Operation Bridge Manager 2018.08
Micro Focus Operation Bridge Manager 2018.11
Micro Focus Operation Bridge Manager 2019.05
Micro Focus Operation Bridge Manager 2019.08
Micro Focus Operation Bridge Manager 2019.11
Micro Focus Operation Bridge Manager 2020.05
Micro Focus Application Performance Management 9.40
Micro Focus Application Performance Management 9.50
Micro Focus Application Performance Management 9.51
Micro Focus Data Center Automation version 2019.11 and prior
Micro Focus Data Center Automation version 2020.02
Micro Focus Data Center Automation version 2020.05
Micro Focus Hybrid Cloud Management version 2018.05 to version 2020.05

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://softwaresupport.softwaregrp.com/doc/KM03747657
https://softwaresupport.softwaregrp.com/doc/KM03747658
https://softwaresupport.softwaregrp.com/doc/KM03747854
https://softwaresupport.softwaregrp.com/doc/KM03747948
https://softwaresupport.softwaregrp.com/doc/KM03747949
https://softwaresupport.softwaregrp.com/doc/KM03747950
https://softwaresupport.softwaregrp.com/doc/KM03749879

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-03-15 23.512 Name:Microfocus.
OBM.
Remote.
Code.
Execution:Micro.
Focus.
OBM.
Remote.
Code.
Execution
2021-06-10 18.096 Sig Added
2021-02-25 17.023
ID 49841
Created Feb 17, 2021
Updated Mar 14, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2020-11853
Exploit Prediction Score 81.91%
Default Action drop
Active
Affected OS Windows, Linux
Affected App Other