Lucene search
K
MicrosoftSystem Center Operations Manager

17 matches found

CVE
CVE
added 2021/09/15 11:24 a.m.1231 views

CVE-2021-38647

CVE-2021-38647 (OMIGOD) is an unauthenticated remote code execution vulnerability in Microsoft Open Management Infrastructure (OMI) commonly deployed on Azure Linux VMs. Exploitation is achieved by sending a crafted HTTP request without the Authorization header, enabling code execution with the O...

9.8CVSS7.3AI score0.99723EPSS
In wildWeb
CVE
CVE
added 2021/09/15 11:24 a.m.1147 views

CVE-2021-38645

Open Management Infrastructure (OMI) in Azure VM Management Extensions contains CVE-2021-38645, an Elevation of Privilege vulnerability. OMI runs with root privileges; when vulnerable, it can be exploited locally to escalate privileges on affected hosts. Microsoft addressed the OMIGOD set (CVE-20...

7.8CVSS8.6AI score0.01792EPSS
In wild
CVE
CVE
added 2021/09/15 11:24 a.m.1130 views

CVE-2021-38648

CVE-2021-38648 is a local privilege-escalation flaw in Microsoft Open Management Infrastructure (OMI). Multiple sources confirm an authentication bypass allowing a local attacker to issue commands to the OMI socket (default UNIX socket at /var/opt/omi/run/omiserver.sock) and execute as root. The ...

7.8CVSS8.6AI score0.10933EPSS
In wild
CVE
CVE
added 2021/09/15 11:24 a.m.1087 views

CVE-2021-38649

CVE-2021-38649 is part of the OMIGOD family affecting Open Management Infrastructure (OMI) used by Azure VM Management Extensions. The vulnerability is an Elevation of Privilege flaw in OMI that can permit a local attacker to escalate privileges on Linux-based Azure VMs where OMI is exposed. Expl...

7.8CVSS8.2AI score0.01896EPSS
In wild
CVE
CVE
added 2024/03/12 4:57 p.m.270 views

CVE-2024-21334

CVE-2024-21334 is an Open Management Infrastructure (OMI) remote code execution vulnerability affecting Microsoft System Center Operations Manager (SCOM) environments that use OMI. Public sources indicate OMI under SCOM versions 2019 and 2022 can be exploited remotely via unauthenticated requests...

9.8CVSS9.5AI score0.20157EPSS
CVE
CVE
added 2024/03/12 4:57 p.m.252 views

CVE-2024-21330

CVE-2024-21330 describes an elevation-of-privilege vulnerability in Microsoft’s Open Management Infrastructure (OMI). Public sources indicate this affects OMI alongside related System Center/OMS components, allowing an attacker with local access to obtain elevated privileges. The impact is descri...

7.8CVSS7.7AI score0.00988EPSS
CVE
CVE
added 2022/06/15 9:51 p.m.175 views

CVE-2022-29149

CVE-2022-29149 concerns Microsoft Open Management Infrastructure (OMI). The vulnerability affects the OMI package prior to 1.6.9-1 and enables local, privilege-escalation attacks (unauthenticated remote attacker can gain privileged access). The issue is due to a privilege-escalation flaw in OMI. ...

7.8CVSS7.7AI score0.0091EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.143 views

CVE-2013-0010

CVE-2013-0010 is a cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 Web Console. The connected Microsoft MS13-003 bulletin resolves vulnerabilities in SCOM that could allow elevation of privilege when a user visits a crafted URL, with updates ...

4.3CVSS5AI score0.16618EPSS
CVE
CVE
added 2022/08/09 7:50 p.m.132 views

CVE-2022-33640

CVE-2022-33640 affects Microsoft System Center Operations Manager via Open Management Infrastructure (OMI). The connected docs identify an elevation of privilege vulnerability with a LOCAL attack vector, requiring LOW privileges and no user interaction (CVSSv3.1 base score 7.8, HIGH impact on con...

7.8CVSS7.7AI score0.00551EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.128 views

CVE-2013-0009

Microsoft System Center Operations Manager 2007 SP1 and R2 are affected by a vulnerability described as cross-site scripting in the CVE-2013-0009 entry, with Microsoft’s MS13-003 bulletin (KB2748552) explicitly noting vulnerabilities that could allow elevation of privilege when a user visits an a...

4.3CVSS5AI score0.1364EPSS
CVE
CVE
added 2021/02/25 11:1 p.m.113 views

CVE-2021-1728

CVE-2021-1728 affects Microsoft System Center Operations Manager (SCOM) and is described as an Elevation of Privilege vulnerability. The CVE entry notes a high severity (CVSS v3.1 base 8.8) with a network attack vector, low privileges required, no user interaction, and impact to confidentiality, ...

8.8CVSS8.7AI score0.01825EPSS
CVE
CVE
added 2021/10/13 12:28 a.m.105 views

CVE-2021-41352

CVE-2021-41352 corresponds to a SCOM information disclosure vulnerability affecting System Center Operations Manager 2012 R2, 2016 and 2019. The connected Nessus/NASL entry describes an information disclosure vulnerability in SCOM’s web-facing components, specifically an insecure direct object re...

7.5CVSS7.2AI score0.02786EPSS
CVE
CVE
added 2025/04/08 5:23 p.m.102 views

CVE-2025-27743

CVE-2025-27743 — Microsoft System Center Elevation of Privilege . A local privilege-elevation vulnerability arises from an untrusted search path in System Center (DLL hijacking). This can enable an authorized local attacker to obtain higher privileges. Public details confirm the impact and that e...

7.8CVSS7.1AI score0.00751EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.94 views

CVE-2023-36043

CVE-2023-36043 corresponds to an Information Disclosure vulnerability in Microsoft Open Management Infrastructure (OMI), affecting Open Management Infrastructure within System Center Operations Manager. The entry is supported by multiple connected sources indicating an information disclosure risk...

6.5CVSS6.5AI score0.01399EPSS
CVE
CVE
added 2020/06/09 7:44 p.m.82 views

CVE-2020-1331

The CVE-2020-1331 entry maps to a spoofing vulnerability in System Center Operations Manager (SCOM), specifically affecting the 2016 Web Console. The issue arises when the web interface fails to properly sanitize specially crafted requests, enabling spoofing and potential cross-site scripting-lik...

5.4CVSS6.2AI score0.01257EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.65 views

CVE-2015-2420

CVE-2015-2420 is a cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager. The flaw affects the Web Console component and can be triggered when a user visits a specially crafted URL, allowing remote attackers to inject arbitrary web script or HTML. Affected pr...

4.3CVSS5AI score0.08807EPSS
CVE
CVE
added 2026/03/10 5:5 p.m.56 views

CVE-2026-20967

CVE-2026-20967 affects Microsoft System Center Operations Manager. The issue is due to improper input validation, enabling an authorized attacker to elevate privileges over the network. The CVSSv3.1 vector indicates a network-based, low-attack-complexity with low privileges required and high impa...

8.8CVSS5.8AI score0.0106EPSS