Lucene search

[email protected]CVE-2024-21330

HistoryMar 12, 2024 - 5:15 p.m.

CVE-2024-21330

2024-03-1217:15:49

CWE-122

[email protected]

web.nvd.nist.gov

175

cve-2024-21330

omi

elevation of privilege

vulnerability

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Affected configurations

Vulners

Node

microsoftsystem_center_operations_manager_(scom)_2019Range10.19.0–10.19.1253.0

microsoftsystem_center_operations_manager_(scom)_2022Range10.22.0–10.22.1070.0

microsoftazure_automation

microsoftazure_automation_update_managementRange1.0.0–19.0

microsoftazure_sentinelRange1.0.0–19.0

microsoftcontainer_monitoring_solutionMatch1.0.0

microsoftazure_hdinsightsRange1.0–1.8.1

microsoftopen_management_infrastructureRange16.0–1.8.1

microsoftopen_management_infrastructureRange1.0.0–1.8.1

microsoftazure_security_centerRange1.0.0–1.19.0

microsoftlog_analytics_agentRange1.0.0–19.0

VendorProductVersionCPE
microsoftsystem_center_operations_manager_(scom)_2019*cpe:2.3:a:microsoft:system_center_operations_manager_(scom)_2019:*:*:*:*:*:*:*:*
microsoftsystem_center_operations_manager_(scom)_2022*cpe:2.3:a:microsoft:system_center_operations_manager_(scom)_2022:*:*:*:*:*:*:*:*
microsoftazure_automation*cpe:2.3:a:microsoft:azure_automation:*:*:*:*:*:*:*:*
microsoftazure_automation_update_management*cpe:2.3:a:microsoft:azure_automation_update_management:*:*:*:*:*:*:*:*
microsoftazure_sentinel*cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*
microsoftcontainer_monitoring_solution1.0.0cpe:2.3:a:microsoft:container_monitoring_solution:1.0.0:*:*:*:*:*:*:*
microsoftazure_hdinsights*cpe:2.3:a:microsoft:azure_hdinsights:*:*:*:*:*:*:*:*
microsoftopen_management_infrastructure*cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*
microsoftopen_management_infrastructure*cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*
microsoftazure_security_center*cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	system_center_operations_manager_(scom)_2019	*	cpe:2.3:a:microsoft:system_center_operations_manager_(scom)_2019::::::::
microsoft	system_center_operations_manager_(scom)_2022	*	cpe:2.3:a:microsoft:system_center_operations_manager_(scom)_2022::::::::
microsoft	azure_automation	*	cpe:2.3:a:microsoft:azure_automation::::::::
microsoft	azure_automation_update_management	*	cpe:2.3:a:microsoft:azure_automation_update_management::::::::
microsoft	azure_sentinel	*	cpe:2.3:a:microsoft:azure_sentinel::::::::
microsoft	container_monitoring_solution	1.0.0	cpe:2.3:a:microsoft:container_monitoring_solution:1.0.0:::::::*
microsoft	azure_hdinsights	*	cpe:2.3:a:microsoft:azure_hdinsights::::::::
microsoft	open_management_infrastructure	*	cpe:2.3:a:microsoft:open_management_infrastructure::::::::
microsoft	open_management_infrastructure	*	cpe:2.3:a:microsoft:open_management_infrastructure::::::::
microsoft	azure_security_center	*	cpe:2.3:a:microsoft:azure_security_center::::::::

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "System Center Operations Manager (SCOM) 2019",
    "cpes": [
      "cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "10.19.0",
        "lessThan": "10.19.1253.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "System Center Operations Manager (SCOM) 2022",
    "cpes": [
      "cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "10.22.0",
        "lessThan": "10.22.1070.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Automation",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_automation:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA 1.19.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Automation Update Management",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA v1.19.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Sentinel",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA v1.19.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Container Monitoring Solution",
    "cpes": [
      "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "microsoft-oms-latest with full ID: sha256:855bfeb0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure HDInsight",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_hdinsights:1.5.42.0:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0",
        "lessThan": "omi-1.8.1-0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Open Management Infrastructure",
    "cpes": [
      "cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "16.0",
        "lessThan": "OMI version 1.8.1-0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Open Management Infrastructure",
    "cpes": [
      "cpe:2.3:a:microsoft:open_management_suite_agent_for_linux:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "1.8.1-0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Security Center",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA 1.19.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Log Analytics Agent",
    "cpes": [
      "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA v1.19.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]