cvelistv5 - cve-2020-11852

CVE-2020-11852 (GCVE-0-2020-11852)

Vulnerability from cvelistv5

Published

2020-08-07 15:53

Modified

2024-08-04 11:42

Severity ?

CWE

Inject system commands into the call to the DKIM system command.

Summary

DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command.

References

▼	URL	Tags
	security@opentext.com	https://support.microfocus.com/kb/doc.php?id=7024775
	af854a3a-2127-422b-91ae-364da2661108	https://support.microfocus.com/kb/doc.php?id=7024775

Impacted products

	Vendor	Product	Version
	n/a	Secure Messaging Gateway ( SMG).	Version: All SMG versions prior to July 2020 version.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:42:00.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.microfocus.com/kb/doc.php?id=7024775"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Secure Messaging Gateway ( SMG).",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All SMG versions prior to July 2020 version."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Inject system commands into the call to the DKIM system command.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-07T15:53:57",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.microfocus.com/kb/doc.php?id=7024775"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2020-11852",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Secure Messaging Gateway ( SMG).",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All SMG versions prior to July 2020 version."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Inject system commands into the call to the DKIM system command."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.microfocus.com/kb/doc.php?id=7024775",
              "refsource": "MISC",
              "url": "https://support.microfocus.com/kb/doc.php?id=7024775"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2020-11852",
    "datePublished": "2020-08-07T15:53:57",
    "dateReserved": "2020-04-16T00:00:00",
    "dateUpdated": "2024-08-04T11:42:00.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-11852\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2020-08-07T16:15:11.700\",\"lastModified\":\"2024-11-21T04:58:45.460\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de la p\u00e1gina de administraci\u00f3n de claves DKIM en Micro Focus Secure Messaging Gateway (SMG). Afectando a todas las versiones en ejecuci\u00f3n del dispositivo SMG versiones anteriores a julio de 2020. La vulnerabilidad podr\u00eda permitir a un usuario que haya iniciado sesi\u00f3n con derechos para generar informaci\u00f3n de la clave DKIM inyectar comandos del sistema en la llamada al comando del sistema DKIM\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:secure_messaging_gateway:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2020-07-01\",\"matchCriteriaId\":\"35074F77-D5C0-48B4-BC5A-FD6930AB8975\"}]}]}],\"references\":[{\"url\":\"https://support.microfocus.com/kb/doc.php?id=7024775\",\"source\":\"security@opentext.com\"},{\"url\":\"https://support.microfocus.com/kb/doc.php?id=7024775\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-mwwm-6m8g-p8pv

Vulnerability from github

Published

2022-05-24 17:25

Modified

2022-05-24 17:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-11852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-07T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command.",
  "id": "GHSA-mwwm-6m8g-p8pv",
  "modified": "2022-05-24T17:25:02Z",
  "published": "2022-05-24T17:25:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11852"
    },
    {
      "type": "WEB",
      "url": "https://support.microfocus.com/kb/doc.php?id=7024775"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2020-11852

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-11852

Aliases

CVE-2020-11852

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-11852",
    "description": "DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command.",
    "id": "GSD-2020-11852"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-11852"
      ],
      "details": "DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command.",
      "id": "GSD-2020-11852",
      "modified": "2023-12-13T01:22:06.538010Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@microfocus.com",
        "ID": "CVE-2020-11852",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Secure Messaging Gateway ( SMG).",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All SMG versions prior to July 2020 version."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Inject system commands into the call to the DKIM system command."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.microfocus.com/kb/doc.php?id=7024775",
            "refsource": "MISC",
            "url": "https://support.microfocus.com/kb/doc.php?id=7024775"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:secure_messaging_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020-07-01",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2020-11852"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.microfocus.com/kb/doc.php?id=7024775",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.microfocus.com/kb/doc.php?id=7024775"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-08-07T16:15Z"
    }
  }
}

fkie_cve-2020-11852

Vulnerability from fkie_nvd

Published

2020-08-07 16:15

Modified

2024-11-21 04:58

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	security@opentext.com	https://support.microfocus.com/kb/doc.php?id=7024775
	af854a3a-2127-422b-91ae-364da2661108	https://support.microfocus.com/kb/doc.php?id=7024775

Impacted products

	Vendor	Product	Version
	microfocus	secure_messaging_gateway	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:secure_messaging_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35074F77-D5C0-48B4-BC5A-FD6930AB8975",
              "versionEndExcluding": "2020-07-01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de la p\u00e1gina de administraci\u00f3n de claves DKIM en Micro Focus Secure Messaging Gateway (SMG). Afectando a todas las versiones en ejecuci\u00f3n del dispositivo SMG versiones anteriores a julio de 2020. La vulnerabilidad podr\u00eda permitir a un usuario que haya iniciado sesi\u00f3n con derechos para generar informaci\u00f3n de la clave DKIM inyectar comandos del sistema en la llamada al comando del sistema DKIM"
    }
  ],
  "id": "CVE-2020-11852",
  "lastModified": "2024-11-21T04:58:45.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-07T16:15:11.700",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "https://support.microfocus.com/kb/doc.php?id=7024775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.microfocus.com/kb/doc.php?id=7024775"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-202008-0084

Vulnerability from variot

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0084",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secure messaging gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microfocus",
        "version": "2020-07-01"
      },
      {
        "model": "secure messaging gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "micro focus",
        "version": null
      },
      {
        "model": "focus secure messaging gateway",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "micro",
        "version": "2020-7"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-50256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009059"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11852"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microfocus:secure_messaging_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009059"
      }
    ]
  },
  "cve": "CVE-2020-11852",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-11852",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-009059",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2020-50256",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-164472",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-11852",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-009059",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-11852",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-009059",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-50256",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202008-280",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-164472",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-50256"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164472"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-280"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11852"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command. (DoS) It may be put into a state. The product supports functions such as email scanning and inbound and outbound protection",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-11852"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009059"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-50256"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164472"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-11852",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009059",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-50256",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-280",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-164472",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-50256"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164472"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-280"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11852"
      }
    ]
  },
  "id": "VAR-202008-0084",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-50256"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164472"
      }
    ],
    "trust": 1.45
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-50256"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:59:07.859000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "7024775",
        "trust": 0.8,
        "url": "https://support.microfocus.com/kb/doc.php?id=7024775"
      },
      {
        "title": "Patch for Micro Focus Secure Messaging Gateway injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/232888"
      },
      {
        "title": "Micro Focus Secure Messaging Gateway Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125965"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-50256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-280"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-74",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-164472"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009059"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11852"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11852"
      },
      {
        "trust": 1.7,
        "url": "https://support.microfocus.com/kb/doc.php?id=7024775"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11852"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-50256"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164472"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-280"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11852"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-50256"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164472"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-280"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11852"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-50256"
      },
      {
        "date": "2020-08-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-164472"
      },
      {
        "date": "2020-10-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-009059"
      },
      {
        "date": "2020-08-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-280"
      },
      {
        "date": "2020-08-07T16:15:11.700000",
        "db": "NVD",
        "id": "CVE-2020-11852"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-50256"
      },
      {
        "date": "2021-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-164472"
      },
      {
        "date": "2020-10-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-009059"
      },
      {
        "date": "2020-08-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-280"
      },
      {
        "date": "2024-11-21T04:58:45.460000",
        "db": "NVD",
        "id": "CVE-2020-11852"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-280"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Micro Focus Secure Messaging Gateway injection vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-50256"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-280"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-280"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2020-50256

Vulnerability from cnvd

Title: Micro Focus Secure Messaging Gateway注入漏洞

Description:

Micro Focus Secure Messaging Gateway（SMG）是英国Micro Focus公司的一款安全消息传递网关产品。该产品支持电子邮件扫描和出入站保护等功能。

Micro Focus SMG（2020-7之前版本）中存在安全漏洞。攻击者可利用该漏洞注入系统命令。

Severity: 高

Patch Name: Micro Focus Secure Messaging Gateway注入漏洞的补丁

Patch Description:

Micro Focus Secure Messaging Gateway（SMG）是英国Micro Focus公司的一款安全消息传递网关产品。该产品支持电子邮件扫描和出入站保护等功能。

Micro Focus SMG（2020-7之前版本）中存在安全漏洞。攻击者可利用该漏洞注入系统命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.microfocus.com/kb/doc.php?id=7024775

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-11852

Impacted products

Name
Micro Focus Secure Messaging Gateway（SMG） <2020-7

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11852"
    }
  },
  "description": "Micro Focus Secure Messaging Gateway\uff08SMG\uff09\u662f\u82f1\u56fdMicro Focus\u516c\u53f8\u7684\u4e00\u6b3e\u5b89\u5168\u6d88\u606f\u4f20\u9012\u7f51\u5173\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u7535\u5b50\u90ae\u4ef6\u626b\u63cf\u548c\u51fa\u5165\u7ad9\u4fdd\u62a4\u7b49\u529f\u80fd\u3002\n\nMicro Focus SMG\uff082020-7\u4e4b\u524d\u7248\u672c\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u7cfb\u7edf\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.microfocus.com/kb/doc.php?id=7024775",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-50256",
  "openTime": "2020-09-03",
  "patchDescription": "Micro Focus Secure Messaging Gateway\uff08SMG\uff09\u662f\u82f1\u56fdMicro Focus\u516c\u53f8\u7684\u4e00\u6b3e\u5b89\u5168\u6d88\u606f\u4f20\u9012\u7f51\u5173\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u7535\u5b50\u90ae\u4ef6\u626b\u63cf\u548c\u51fa\u5165\u7ad9\u4fdd\u62a4\u7b49\u529f\u80fd\u3002\r\n\r\nMicro Focus SMG\uff082020-7\u4e4b\u524d\u7248\u672c\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Micro Focus Secure Messaging Gateway\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Micro Focus Secure Messaging Gateway\uff08SMG\uff09 \u003c2020-7"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11852",
  "serverity": "\u9ad8",
  "submitTime": "2020-08-11",
  "title": "Micro Focus Secure Messaging Gateway\u6ce8\u5165\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-11852 (GCVE-0-2020-11852)

Vulnerability from cvelistv5

ghsa-mwwm-6m8g-p8pv

Vulnerability from github

gsd-2020-11852

Vulnerability from gsd

fkie_cve-2020-11852

Vulnerability from fkie_nvd

var-202008-0084

Vulnerability from variot

cnvd-2020-50256

Vulnerability from cnvd

Tags

Sightings

Nomenclature