Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMicrosoftCVELIST:CVE-2024-21330
HistoryMar 12, 2024 - 4:57 p.m.

CVE-2024-21330 Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

2024-03-1216:57:56
CWE-122
microsoft
www.cve.org
open management infrastructure
elevation of privilege
vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

8.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "System Center Operations Manager (SCOM) 2019",
    "cpes": [
      "cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "10.19.0",
        "lessThan": "10.19.1253.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "System Center Operations Manager (SCOM) 2022",
    "cpes": [
      "cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "10.22.0",
        "lessThan": "10.22.1070.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Automation",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_automation:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA 1.19.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Automation Update Management",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA v1.19.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Sentinel",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA v1.19.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Container Monitoring Solution",
    "cpes": [
      "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "microsoft-oms-latest with full ID: sha256:855bfeb0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure HDInsight",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_hdinsights:1.5.42.0:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0",
        "lessThan": "omi-1.8.1-0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Open Management Infrastructure",
    "cpes": [
      "cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "16.0",
        "lessThan": "OMI version 1.8.1-0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Open Management Infrastructure",
    "cpes": [
      "cpe:2.3:a:microsoft:open_management_suite_agent_for_linux:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "1.8.1-0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Security Center",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA 1.19.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Log Analytics Agent",
    "cpes": [
      "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "OMS Agent for Linux GA v1.19.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Related

prion 1
nvd 1
mscve 1
vulnrichment 1
cve 1
nessus 2
kaspersky 2
rapid7blog 1
prion
prion
Privilege escalation
2024-03-12 17:15:00
nvd
nvd
CVE-2024-21330
2024-03-12 17:15:49
mscve
mscve
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
2024-03-12 07:00:00
vulnrichment
vulnrichment
CVE-2024-21330 Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
2024-03-12 16:57:56
cve
cve
CVE-2024-21330
2024-03-12 17:15:49
nessus
nessus
Security Updates for Microsoft System Center Management Pack (March 2024)
2024-03-12 00:00:00
Security Updates for Microsoft Open Management Infrastructure (March 2024)
2024-03-20 00:00:00
kaspersky
kaspersky
KLA65124 Multiple vulnerabilities in Microsoft System Center
2024-03-12 00:00:00
KLA65131 Multiple vulnerabilities in Microsoft Azure
2024-03-12 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - March 2024
2024-03-12 19:47:44

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

8.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CVELIST:CVE-2024-21330
prion1nvd1mscve1vulnrichment1cve1nessus2kaspersky2rapid7blog1