CVE-2020-11844 - Incorrect Authorization

Severity

98%

Complexity

39%

Confidentiality

98%

There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.

CVSS 3.1 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Demo Examples

Incorrect Authorization

CWE-863

The following code could be for a medical records application. It displays a record to already authenticated users, confirming the user's authorization using a value stored in a cookie.


               
}
}
setcookie("role", $role, time()+60*60*2);
die("\n");
DisplayMedicalHistory($_POST['patient_ID']);
die("You are not Authorized to view this record\n");

The programmer expects that the cookie will only be set when getRole() succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie. However, the attacker can easily set the "role" cookie to the value "Reader". As a result, the $role variable is "Reader", and getRole() is never invoked. The attacker has bypassed the authorization system.

Overview

Type

Micro Focus Service Management Automation (SMA)

First reported 4 years ago

2020-05-29 22:15:00

Last updated 4 years ago

2020-06-16 00:15:00

Affected Software

Micro Focus Service Management Automation (SMA) 2018.08

2018.08

Micro Focus Service Management Automation (SMA) 2018.11

2018.11

Micro Focus Service Management Automation (SMA) 2019.02

2019.02

Micro Focus Service Management Automation (SMA) 2019.05

2019.05

Micro Focus Service Management Automation (SMA) 2019.08

2019.08

Micro Focus Service Management Automation (SMA) 2019.11

2019.11

Micro Focus Service Management Automation (SMA) 2020.02

2020.02

References

https://softwaresupport.softwaregrp.com/doc/KM03645631

https://softwaresupport.softwaregrp.com/doc/KM03645631

Vendor Advisory

https://softwaresupport.softwaregrp.com/doc/KM03645628

https://softwaresupport.softwaregrp.com/doc/KM03645629

https://softwaresupport.softwaregrp.com/doc/KM03645630

https://softwaresupport.softwaregrp.com/doc/KM03645636

https://softwaresupport.softwaregrp.com/doc/KM03645642

https://support.microfocus.com/kb/doc.php?id=7024637

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.