CVE-2020-11861: 
Micro Focus Operations Agent vulnerability analysis and mitigation

CVE-2020-11861 is a local privilege escalation vulnerability affecting Micro Focus Operation Agent, all versions prior to 12.11. The vulnerability exists in the glance module of Operations Agent and could be exploited to escalate local privileges and gain root access on the system (Micro Focus).

The vulnerability has been assigned a CVSS v3.0 base score of 7.8 HIGH with vector CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H. The CVSS v2.0 base score is 6.0 with vector AV:L/AC:H/Au:S/C:C/I:C/A:C (Micro Focus).

If successfully exploited, this vulnerability allows an attacker to escalate local privileges and gain root access on the affected system, potentially leading to complete system compromise (Micro Focus).

Micro Focus has released hotfixes for affected versions (12.10, 12.11, and 12.06). Users are recommended to update Operations Agent versions prior to 12.10 to version 12.10 or later. Hotfixes can be downloaded from Micro Focus FTP server using provided credentials (Micro Focus).

The vulnerability was discovered and reported by Lasse Trolle Borup of Danish Cyber Defense (Micro Focus).