CVE-2020-11853— Arbitrary code execution vulnerability on multiple Micro Focus products

CVSS 8.8 · High EPSS 92.68% · P100 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-11853

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Arbitrary code execution vulnerability on multiple Micro Focus products

Source: NVD (National Vulnerability Database)

Vulnerability Description

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Micro Focus Operation Bridge Manager 代码注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Micro Focus Operation Bridge Manager是英国Micro Focus公司的一款企业级监控软件。该软件通过HTML5来可视化总结服务运行状况。 Micro Focus Operation Bridge Manager 多版本存在代码注入漏洞。该漏洞可能允许远程攻击者执行任意代码。受影响版本如下：2020.05、2019.11、2019.05、2018.11、2018.05、10.6x和10.1x及之前版本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE
Micro Focus	Operation Bridge Manager	2020.5	-
Micro Focus	Application Performance Management	9.51	-
Micro Focus	Data Center Automation	2019.11	-
Micro Focus	Operations Bridge (containerized)	2019.11	-
Micro Focus	Universal CMDB	2020.05	-
Micro Focus	Hybrid Cloud Management	2018.05 ~ 2020.05	-
Micro Focus	Service Management Automation	2020.05	-

II. Public POCs for CVE-2020-11853

#	POC Description	Source Link	Shenlong Link
1	A simple workflow that runs all Micro Focus related nuclei templates on a given target.	https://github.com/projectdiscovery/nuclei-templates/blob/main/workflows/micro-focus-workflow.yaml	POC Details
2	Micro Focus Universal CMDB default login credentials were discovered for diagnostics/admin. Note there is potential for this to be chained together with other vulnerabilities as with CVE-2020-11853 and CVE-2020-11854.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/default-logins/UCMDB/ucmdb-default-login.yaml	POC Details
3	Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a valid application user. Originated from Metasploit module (#14654).	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-11853.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-11853

请登录查看更多情报信息。

Packet Stormx_refsource_MISC
https://softwaresupport.softwaregrp.com/doc/KM03747949x_refsource_MISC
https://softwaresupport.softwaregrp.com/doc/KM03747657x_refsource_MISC
http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.htmlx_refsource_MISC
https://softwaresupport.softwaregrp.com/doc/KM03747948x_refsource_MISC
https://softwaresupport.softwaregrp.com/doc/KM03747854x_refsource_MISC
https://softwaresupport.softwaregrp.com/doc/KM03749879x_refsource_MISC
https://softwaresupport.softwaregrp.com/doc/KM03747658x_refsource_MISC
https://softwaresupport.softwaregrp.com/doc/KM03747950x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2020-11853

IV. Related Vulnerabilities

Same vendor: Micro Focus

V. Comments for CVE-2020-11853

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-11853— Arbitrary code execution vulnerability on multiple Micro Focus products

I. Basic Information for CVE-2020-11853

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2020-11853

III. Intelligence Information for CVE-2020-11853

IV. Related Vulnerabilities

V. Comments for CVE-2020-11853

Leave a comment