Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2013-01-09 |
Product | System Center Operations Manager | Last view | 2023-11-14 |
Version | 2007 | Type | |
Update | r2 | ||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.5 | 2023-11-14 | CVE-2023-36043 | Open Management Infrastructure Information Disclosure Vulnerability |
7.8 | 2022-08-09 | CVE-2022-33640 | System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
7.8 | 2022-06-15 | CVE-2022-29149 | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
7.5 | 2021-10-13 | CVE-2021-41352 | SCOM Information Disclosure Vulnerability |
7 | 2021-09-15 | CVE-2021-38649 | Open Management Infrastructure Elevation of Privilege Vulnerability |
7.8 | 2021-09-15 | CVE-2021-38648 | Open Management Infrastructure Elevation of Privilege Vulnerability |
9.8 | 2021-09-15 | CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability |
7.8 | 2021-09-15 | CVE-2021-38645 | Open Management Infrastructure Elevation of Privilege Vulnerability |
8.8 | 2021-02-25 | CVE-2021-1728 | System Center Operations Manager Elevation of Privilege Vulnerability |
5.4 | 2020-06-09 | CVE-2020-1331 | A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'. |
4.3 | 2015-08-14 | CVE-2015-2420 | Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager Web Console XSS Vulnerability." |
4.3 | 2013-01-09 | CVE-2013-0010 | Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009. |
4.3 | 2013-01-09 | CVE-2013-0009 | Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
37% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
25% (2) | CWE-287 | Improper Authentication |
12% (1) | CWE-668 | Exposure of Resource to Wrong Sphere |
12% (1) | CWE-290 | Authentication Bypass by Spoofing |
12% (1) | CWE-269 | Improper Privilege Management |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:15760 | System Center Operations Manager Web Console XSS Vulnerability-I - MS13-003 |
oval:org.mitre.oval:def:16232 | System Center Operations Manager Web Console XSS Vulnerability-II - MS13-003 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Azure Open Management Infrastructure remote command execution | More info here |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0191 | Microsoft System Center Operations Manager Privilege Escalation Vulnerability... Severity: Category II - VMSKEY: V0061301 |
2013-B-0002 | Microsoft System Center Operations Manager Privilege Escalation Vulnerabilities Severity: Category II - VMSKEY: V0036448 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-01-13 | Microsoft Windows XP .theme file remote code execution attempt RuleID : 32730 - Type : FILE-OTHER - Revision : 3 |
2014-01-10 | Microsoft SCOM Web Console cross-site scripting attempt RuleID : 25273 - Type : SERVER-WEBAPP - Revision : 3 |
2014-01-10 | Microsoft System Center Operations Manger cross site scripting attempt RuleID : 25272 - Type : SERVER-WEBAPP - Revision : 5 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2015-08-12 | Name: A web application hosted on the remote Windows system is affected by a cross-... File: smb_nt_ms15-086.nasl - Type: ACT_GATHER_INFO |
2013-01-09 | Name: A web application hosted on the remote Windows system has multiple cross-site... File: smb_nt_ms13-003.nasl - Type: ACT_GATHER_INFO |