Incorrect Authorization vulnerability in the Micro Focus Container Deployment Foundation affecting multiple products.
Description
Incorrect authorization in Micro Focus Container Deployment Foundation allows unauthenticated remote attackers to gain full access to the container platform.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the Micro Focus Container Deployment Foundation (CDF) component, which ships with multiple products. Affected products and versions include: Hybrid Cloud Management 2018.05 to 2019.11; ArcSight Investigate 2.4.0, 3.0.0, 3.1.0; ArcSight Transformation Hub 3.0.0, 3.1.0, 3.2.0; ArcSight Interset 6.0.0; ArcSight ESM 7.2.1 (when ArcSight Fusion 1.0 is installed); Service Management Automation (SMA) 2018.05 to 2020.02; Operation Bridge Suite (Containerized) 2018.05 to 2020.02; Network Operation Management 2017.11 to 2019.11; Data Center Automation Containerized 2018.05 to 2019.11; and Identity Intelligence 1.1.0 and 1.1.1 [1][2][3][4]. The vulnerability is an incorrect authorization issue that can be exploited to provide unauthorized access to the CDF component.
Exploitation
An attacker can exploit this vulnerability over the network without any authentication or user interaction. The CVSS v3.0 vector is AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating low attack complexity and no required privileges [1][2][3][4]. The attacker sends crafted requests to the CDF component, bypassing authorization checks.
Impact
Successful exploitation grants the attacker full unauthorized access to the Container Deployment Foundation. This leads to complete compromise of confidentiality, integrity, and availability of the CDF and potentially all containers and data managed by it. The CVSS base score is 10.0 (Critical) with a scope change, meaning the impact extends beyond the vulnerable component [1][2][3][4].
Mitigation
Micro Focus has released patches for each affected product. For Network Operation Management, customers must first upgrade to version 2019.11 and then apply the patch referenced in KB KM03638689 [1]. For Data Center Automation Containerized, apply the patch at KB KM03639302, which applies to all affected versions 2018.05 to 2019.11 [2]. For ArcSight products (Investigate, Transformation Hub, Interset, ESM with Fusion), apply the patch at KB KM03640219 [3]. For Hybrid Cloud Management, apply the patch at KB KM03640893 [4]. For other products (SMA, Operation Bridge Suite, Identity Intelligence), refer to the respective product-specific security bulletins. No workarounds are documented; applying the patches is the only mitigation.
- Network Operation Management. Incorrect Authorization vulnerability, CVE-2020-11844.
- Data Center Automation Containerized. Incorrect Authorization vulnerability, CVE-2020-11844.
- ArcSight products: Enterprise Security Manager, Interset, Transformation Hub and Investigate. Incorrect Authorization vulnerability, CVE-2020-11844.
- Hybrid Cloud Management. Incorrect Authorization vulnerability, CVE-2020-11844.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: =2.4.0|=3.0.0|=3.1.0
- (no CPE) range: 2.4.0
- (no CPE) range: =3.0.0|=3.1.0|=3.2.0
- (no CPE) range: 3.0.0
- (no CPE) range: =6.0.0
- (no CPE) range: 6.0.0
- (no CPE) range: >=2018.05 <=2019.11
- (no CPE) range: 2018.05
- (no CPE) range: =1.1.0|=1.1.1
- (no CPE) range: 1.1.0
- (no CPE) range: >=2018.05 <=2020.02
- (no CPE) range: 2018.05
- (no CPE) range: >=2017.11 <=2019.11
- (no CPE) range: 2017.11
- Range: >=2018.05 <=2020.02
- (no CPE) range: >=2018.05 <=2019.11
- (no CPE) range: 2018.05
- Range: =7.2.1
- Micro Focus/ArcSight ESM (when ArcSight Fusion v5 Range: 7.2.1
- Micro Focus/Service Management Automation (SMA) v5 Range: 2018.05
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Incorrect authorization in the Container Deployment Foundation component allows unauthenticated network access to restricted functionality."
Attack vector
An unauthenticated attacker can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction [ref_id=1][ref_id=2][ref_id=3][ref_id=4]. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) indicates the attack is network-based, requires no authentication, and can achieve complete compromise of confidentiality, integrity, and availability across changed scope boundaries [ref_id=1]. The vulnerability is described as an "Incorrect Authorization" issue in the Container Deployment Foundation component, meaning the component fails to properly enforce access controls, allowing unauthorized access [ref_id=1][ref_id=2][ref_id=3][ref_id=4].
Affected code
The vulnerability resides in the Micro Focus Container Deployment Foundation (CDF) component, which ships with multiple affected products including Hybrid Cloud Management, ArcSight Investigate, ArcSight Transformation Hub, ArcSight Interset, ArcSight ESM (with ArcSight Fusion 1.0), Service Management Automation (SMA), Operation Bridge Suite (Containerized), Network Operation Management, Data Center Automation Containerized, and Identity Intelligence [ref_id=1][ref_id=2][ref_id=3][ref_id=4]. The advisory does not specify particular functions, files, or code paths within the CDF component that are at fault.
What the fix does
Micro Focus has released mitigation information for each affected product line, directing customers to apply patches via specific KB articles: KM03639302 for Data Center Automation Containerized [ref_id=1], KM03640219 for ArcSight products [ref_id=2], KM03640893 for Hybrid Cloud Management [ref_id=3], and KM03640006 for Operation Bridge Suite [ref_id=4]. The advisory does not include a patch diff or describe the specific code changes; it only provides links to the resolution documentation. The fix presumably corrects the authorization logic in the Container Deployment Foundation component to properly enforce access controls.
Preconditions
- config: The target must be running an affected version of a product that includes the Micro Focus Container Deployment Foundation component
- auth: No authentication or user interaction required
- network: Attacker must have network access to the vulnerable component
Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- softwaresupport.softwaregrp.com/doc/KM03645628 (mitre, x_refsource_CONFIRM)
- softwaresupport.softwaregrp.com/doc/KM03645629 (mitre, x_refsource_CONFIRM)
- softwaresupport.softwaregrp.com/doc/KM03645630 (mitre, x_refsource_CONFIRM)
- softwaresupport.softwaregrp.com/doc/KM03645631 (mitre, x_refsource_CONFIRM)
- softwaresupport.softwaregrp.com/doc/KM03645636 (mitre, x_refsource_CONFIRM)
- softwaresupport.softwaregrp.com/doc/KM03645642 (mitre, x_refsource_CONFIRM)
- support.microfocus.com/kb/doc.php (mitre, x_refsource_CONFIRM)