Microfocus.OBM.Remote.Code.Execution
- 特征库ID:
49841
- 漏洞级别:
high
- CVE ID:
CVE-2020-11853
- 建议的动作:
drop
- 受影响的系统:
Windows, Linux
- 协议:
攻击漏洞描述
这表示攻击企图利用 Micro Focus Operation Bridge Manager 中的不安全反序列化漏洞。经过身份验证的远程攻击者可以通过将工艺序列化的 java 对象上传到易受攻击的 .成功利用会导致在应用程序上下文中执行任意代码。
影响范围
Micro Focus Operation Bridge Manager version 10.12 and prior
Micro Focus Operation Bridge Manager version 10.60 to version 10.63
Micro Focus Operation Bridge Manager 2017.11
Micro Focus Operation Bridge Manager 2018.02
Micro Focus Operation Bridge Manager 2018.05
Micro Focus Operation Bridge Manager 2018.08
Micro Focus Operation Bridge Manager 2018.11
Micro Focus Operation Bridge Manager 2019.05
Micro Focus Operation Bridge Manager 2019.08
Micro Focus Operation Bridge Manager 2019.11
Micro Focus Operation Bridge Manager 2020.05
Micro Focus Application Performance Management 9.40
Micro Focus Application Performance Management 9.50
Micro Focus Application Performance Management 9.51
Micro Focus Data Center Automation version 2019.11 and prior
Micro Focus Data Center Automation version 2020.02
Micro Focus Data Center Automation version 2020.05
Micro Focus Hybrid Cloud Management version 2018.05 to version 2020.05
可能带来的后果
系统被入侵:远程攻击者可以控制易受攻击的系统。
解决办法
应用供应商提供的最新升级或补丁。 https://softwaresupport.softwaregrp.com/doc/KM03747657 https://softwaresupport.softwaregrp.com/doc/KM03747658 https://softwaresupport.softwaregrp.com/doc/KM03747854 https://softwaresupport.softwaregrp.com/doc /KM03747948 https://softwaresupport.softwaregrp.com/doc/KM03747949 https://softwaresupport.softwaregrp.com/doc/KM03747950 https://softwaresupport.softwaregrp.com/doc/KM03749879