mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
325 lines
16 KiB
JSON
325 lines
16 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2020-11844",
|
|
"ASSIGNER": "security@suse.com",
|
|
"TITLE": "Incorrect Authorization vulnerability in the Micro Focus Container Deployment Foundation affecting multiple products.",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"source": {
|
|
"discovery": "INTERNAL"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Hybrid Cloud Management",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_name": "2018.05",
|
|
"version_affected": "<",
|
|
"version_value": "2019.11"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "ArcSight Investigate. versions",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2.4.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.0.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.1.0"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "ArcSight Transformation Hub",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.0.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.1.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.2.0"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "ArcSight Interset",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "6.0.0"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "ArcSight ESM (when ArcSight Fusion",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.2.1"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Service Management Automation (SMA)",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2018.05"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2018.08"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2018.11"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2019.02"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2019.05"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2019.08"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2019.11"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2020.02"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": " Operation Bridge Suite (Containerized)",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2018.05"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2018.08"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2018.11"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2019.02"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2019.05"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2019.8"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2019.11"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Network Operation Management",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_name": "2017.11",
|
|
"version_affected": "<=",
|
|
"version_value": "2019.11"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Data Center Automation Containerized",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2018.05"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2018.08"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2018.11"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2019.02"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2019.05"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2019.08"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2019.11"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Identity Intelligence. versions",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.1.0"
|
|
},
|
|
{
|
|
"version_affected": "!>",
|
|
"version_value": "1.1.1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Micro Focus "
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-863 Incorrect Authorization"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation."
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://softwaresupport.softwaregrp.com/doc/KM03645636",
|
|
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645636"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://softwaresupport.softwaregrp.com/doc/KM03645642",
|
|
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645642"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://softwaresupport.softwaregrp.com/doc/KM03645631",
|
|
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645631"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://softwaresupport.softwaregrp.com/doc/KM03645630",
|
|
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645630"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://softwaresupport.softwaregrp.com/doc/KM03645629",
|
|
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645629"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://softwaresupport.softwaregrp.com/doc/KM03645628",
|
|
"url": "https://softwaresupport.softwaregrp.com/doc/KM03645628"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://support.microfocus.com/kb/doc.php?id=7024637",
|
|
"url": "https://support.microfocus.com/kb/doc.php?id=7024637"
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"version": "3.1",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
|
|
"baseScore": 10,
|
|
"baseSeverity": "CRITICAL"
|
|
}
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-863 Incorrect Authorization"
|
|
}
|
|
],
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "For Data Center Automation Containerized https://softwaresupport.softwaregrp.com/doc/KM03645628\nFor Network Operation Management https://softwaresupport.softwaregrp.com/doc/KM03645629\nFor Operation Bridge Suite https://softwaresupport.softwaregrp.com/doc/KM03645630\nFor SMA https://softwaresupport.softwaregrp.com/doc/KM03645631\nFor ArcSight apps https://softwaresupport.softwaregrp.com/doc/KM03645642\nFor Hybrid Cloud Management https://softwaresupport.softwaregrp.com/doc/KM03645636\nFor Identity Intelligence https://support.microfocus.com/kb/doc.php?id=7024637\" } ] }"
|
|
}
|
|
]
|
|
} |