17 matches found
CVE-2021-38647
CVE-2021-38647 (OMIGOD) is an unauthenticated remote code execution vulnerability in Microsoft Open Management Infrastructure (OMI) commonly deployed on Azure Linux VMs. Exploitation is achieved by sending a crafted HTTP request without the Authorization header, enabling code execution with the O...
CVE-2021-38645
Open Management Infrastructure (OMI) in Azure VM Management Extensions contains CVE-2021-38645, an Elevation of Privilege vulnerability. OMI runs with root privileges; when vulnerable, it can be exploited locally to escalate privileges on affected hosts. Microsoft addressed the OMIGOD set (CVE-20...
CVE-2021-38648
CVE-2021-38648 is a local privilege-escalation flaw in Microsoft Open Management Infrastructure (OMI). Multiple sources confirm an authentication bypass allowing a local attacker to issue commands to the OMI socket (default UNIX socket at /var/opt/omi/run/omiserver.sock) and execute as root. The ...
CVE-2021-38649
CVE-2021-38649 is part of the OMIGOD family affecting Open Management Infrastructure (OMI) used by Azure VM Management Extensions. The vulnerability is an Elevation of Privilege flaw in OMI that can permit a local attacker to escalate privileges on Linux-based Azure VMs where OMI is exposed. Expl...
CVE-2024-21334
CVE-2024-21334 is an Open Management Infrastructure (OMI) remote code execution vulnerability affecting Microsoft System Center Operations Manager (SCOM) environments that use OMI. Public sources indicate OMI under SCOM versions 2019 and 2022 can be exploited remotely via unauthenticated requests...
CVE-2024-21330
CVE-2024-21330 describes an elevation-of-privilege vulnerability in Microsoft’s Open Management Infrastructure (OMI). Public sources indicate this affects OMI alongside related System Center/OMS components, allowing an attacker with local access to obtain elevated privileges. The impact is descri...
CVE-2022-29149
CVE-2022-29149 concerns Microsoft Open Management Infrastructure (OMI). The vulnerability affects the OMI package prior to 1.6.9-1 and enables local, privilege-escalation attacks (unauthenticated remote attacker can gain privileged access). The issue is due to a privilege-escalation flaw in OMI. ...
CVE-2013-0010
CVE-2013-0010 is a cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 Web Console. The connected Microsoft MS13-003 bulletin resolves vulnerabilities in SCOM that could allow elevation of privilege when a user visits a crafted URL, with updates ...
CVE-2022-33640
CVE-2022-33640 affects Microsoft System Center Operations Manager via Open Management Infrastructure (OMI). The connected docs identify an elevation of privilege vulnerability with a LOCAL attack vector, requiring LOW privileges and no user interaction (CVSSv3.1 base score 7.8, HIGH impact on con...
CVE-2013-0009
Microsoft System Center Operations Manager 2007 SP1 and R2 are affected by a vulnerability described as cross-site scripting in the CVE-2013-0009 entry, with Microsoft’s MS13-003 bulletin (KB2748552) explicitly noting vulnerabilities that could allow elevation of privilege when a user visits an a...
CVE-2021-1728
CVE-2021-1728 affects Microsoft System Center Operations Manager (SCOM) and is described as an Elevation of Privilege vulnerability. The CVE entry notes a high severity (CVSS v3.1 base 8.8) with a network attack vector, low privileges required, no user interaction, and impact to confidentiality, ...
CVE-2021-41352
CVE-2021-41352 corresponds to a SCOM information disclosure vulnerability affecting System Center Operations Manager 2012 R2, 2016 and 2019. The connected Nessus/NASL entry describes an information disclosure vulnerability in SCOM’s web-facing components, specifically an insecure direct object re...
CVE-2025-27743
CVE-2025-27743 — Microsoft System Center Elevation of Privilege . A local privilege-elevation vulnerability arises from an untrusted search path in System Center (DLL hijacking). This can enable an authorized local attacker to obtain higher privileges. Public details confirm the impact and that e...
CVE-2023-36043
CVE-2023-36043 corresponds to an Information Disclosure vulnerability in Microsoft Open Management Infrastructure (OMI), affecting Open Management Infrastructure within System Center Operations Manager. The entry is supported by multiple connected sources indicating an information disclosure risk...
CVE-2020-1331
The CVE-2020-1331 entry maps to a spoofing vulnerability in System Center Operations Manager (SCOM), specifically affecting the 2016 Web Console. The issue arises when the web interface fails to properly sanitize specially crafted requests, enabling spoofing and potential cross-site scripting-lik...
CVE-2015-2420
CVE-2015-2420 is a cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager. The flaw affects the Web Console component and can be triggered when a user visits a specially crafted URL, allowing remote attackers to inject arbitrary web script or HTML. Affected pr...
CVE-2026-20967
CVE-2026-20967 affects Microsoft System Center Operations Manager. The issue is due to improper input validation, enabling an authorized attacker to elevate privileges over the network. The CVSSv3.1 vector indicates a network-based, low-attack-complexity with low privileges required and high impa...