CVE-2023-36043

FAQ

What type of information could be disclosed by this vulnerability?

Successful exploitation of this vulnerability could allow an attacker to access credentials of privileged accounts stored in trace logs on the machine being monitored by SCOM.

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

An attacker who successfully exploits this vulnerability could affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component could be different from the impacted component and are managed by different security authorities.

What versions of OMI are affected?

OMI versions v1.7.1-0 and below are affected.

How do the updates address the vulnerability?

The update disables logging of the credentials in the trace file and deletes the existing trace files that may have credentials logged.

Is there any action customers need to take?

In addition to updating their affected versions of SCOM, customers are encouraged to reset their privileged account passwords.

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker be an authenticated user with read access to the trace file on the machine being monitored with SCOM and OMI installed.

What is OMI?

Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. SCOM uses this framework to orchestrate configuration management and log collection on Linux VMs. More information can be found here: GitHub - Open Management Infrastructure.