Micro Focus Operations Bridge (containerized): Security Update for CVE-2020-11853+11854+11858

  • KM03719536
  • 01-Oct-2020
  • 20-Oct-2020

Summary

This article describes the actions to fix the product security vulnerabilities CVE-2020-11853, CVE-2020-11854 and CVE-2020-11858. Multiple vulnerabilities have been identified for Micro Focus Operations Bridge (containerized). Please note that the vulnerabilities are only applicable if the Operations Bridge Manager (OBM) capability is deployed.

  • CVE-2020-11853: A vulnerability allows remote attackers to execute arbitrary code on affected installations of OBM. An attack requires network access to the OBM application and authentication as a valid user of OBM.
  • CVE-2020-11854: A vulnerability allows remote attackers to execute arbitrary code on affected installations of OBM. An attack requires network access to the OBM application.
  • CVE-2020-11858: A vulnerability allows local attackers on the OBM host to execute code with escalated privileges.

Cause

Micro Focus provides a fix for these vulnerabilities for Operations Bridge (containerized) 2019.11.
Micro Focus recommends upgrading prior versions of Operations Bridge (containerized) to 2019.11.

Fix

  1. Follow the instructions to apply the fix for Operations Bridge (containerized) 2019.11 provided here: https://docs.microfocus.com/itom/Operations_Bridge:2019.11/OPSB_00009
  2. Upon successful completion of the installation, delete the user "diagnostics" that is active in UCMDB:
    • Launch the UCMDB UI via the UCMDB Local Client using admin credentials
    • Navigate through Managers > Security > Users and Groups
    • Select the user diagnostics and delete it