This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
First view: 2013-01-09
Product: System Center Operations Manager
Last view: 2023-11-14
Version: 2007
Type:
Update: r2
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:* 5
cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:* 4
cpe:2.3:a:microsoft:system_center_operations_manager:2016:-:*:*:*:*:*:* 4
cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:* 3
cpe:2.3:a:microsoft:system_center_operations_manager:2007:sp1:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:system_center_operations_manager:2007:r2:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2_rollup5:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup5:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup4:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2019:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup3:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2_rollup6:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup1:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup6:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup8:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup1:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup6:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup2:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup9:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup7:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup7:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2_rollup1:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2_rollup2:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2_rollup3:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2_rollup4:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup2:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup3:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup4:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup5:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
6.5 2023-11-14 CVE-2023-36043

Open Management Infrastructure Information Disclosure Vulnerability

7.8 2022-08-09 CVE-2022-33640

System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

7.8 2022-06-15 CVE-2022-29149

Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

7.5 2021-10-13 CVE-2021-41352

SCOM Information Disclosure Vulnerability

7 2021-09-15 CVE-2021-38649

Open Management Infrastructure Elevation of Privilege Vulnerability

7.8 2021-09-15 CVE-2021-38648

Open Management Infrastructure Elevation of Privilege Vulnerability

9.8 2021-09-15 CVE-2021-38647

Open Management Infrastructure Remote Code Execution Vulnerability

7.8 2021-09-15 CVE-2021-38645

Open Management Infrastructure Elevation of Privilege Vulnerability

8.8 2021-02-25 CVE-2021-1728

System Center Operations Manager Elevation of Privilege Vulnerability

5.4 2020-06-09 CVE-2020-1331

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'.

4.3 2015-08-14 CVE-2015-2420

Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager Web Console XSS Vulnerability."

4.3 2013-01-09 CVE-2013-0010

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.

4.3 2013-01-09 CVE-2013-0009

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.

CWE : Common Weakness Enumeration

% id Name
37% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (2) CWE-287 Improper Authentication
12% (1) CWE-668 Exposure of Resource to Wrong Sphere
12% (1) CWE-290 Authentication Bypass by Spoofing
12% (1) CWE-269 Improper Privilege Management

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:15760 System Center Operations Manager Web Console XSS Vulnerability-I - MS13-003
oval:org.mitre.oval:def:16232 System Center Operations Manager Web Console XSS Vulnerability-II - MS13-003

SAINT Exploits

Description
Microsoft Azure Open Management Infrastructure remote command execution

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0191 Microsoft System Center Operations Manager Privilege Escalation Vulnerability...
Severity: Category II - VMSKEY: V0061301
2013-B-0002 Microsoft System Center Operations Manager Privilege Escalation Vulnerabilities
Severity: Category II - VMSKEY: V0036448

Snort® IPS/IDS

Date Description
2015-01-13 Microsoft Windows XP .theme file remote code execution attempt
RuleID : 32730 - Type : FILE-OTHER - Revision : 3
2014-01-10 Microsoft SCOM Web Console cross-site scripting attempt
RuleID : 25273 - Type : SERVER-WEBAPP - Revision : 3
2014-01-10 Microsoft System Center Operations Manger cross site scripting attempt
RuleID : 25272 - Type : SERVER-WEBAPP - Revision : 5

Nessus® Vulnerability Scanner

id Description
2015-08-12 Name: A web application hosted on the remote Windows system is affected by a cross-...
File: smb_nt_ms15-086.nasl - Type: ACT_GATHER_INFO
2013-01-09 Name: A web application hosted on the remote Windows system has multiple cross-site...
File: smb_nt_ms13-003.nasl - Type: ACT_GATHER_INFO