CVE-2020-11855
CVE-2020-11855
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit simPatch —
Lifecycle
22 Sep 2020Published on NVD
28 Oct 2020Metasploit module available
Weaponization speed
35 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.
Affected products
n/a · Operation Bridge Reporter.