Description
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Mitigations
Is there any action a customer can take to protect against this vulnerability if they are unable to update?
If the Linux machines do not need network listening, OMI incoming ports can be disabled.
FAQ
How could an attacker exploit this vulnerability?
A remote unauthenticated attacker could access the OMI instance from the Internet and send specially crafted requests to trigger a use-after-free vulnerability.
Is there any action customers need to take to protect themselves against this vulnerability?
Customers running affected versions of SCOM (System Center Operations Manager) should update to OMI version 1.8.1-0.
Updates
| Product | Article | Update |
|---|---|---|
| Open Management Infrastructure | | |
| System Center Operations Manager 2019 | | |
| System Center Operations Manager 2022 | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
CVSS3: 9.8 Critical
Related vulnerabilities
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
A use-after-free vulnerability in the Open Management Infrastructure (OMI) web-based enterprise management server that allows an attacker to execute arbitrary code
EPSS
CVSS3: 9.8 Critical