Описание
System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
FAQ
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
How could an attacker exploit this vulnerability?
An attacker with any valid SCOM login could create a custom dashboard containing a PowerShell widget, allowing them to run commands on the web console server.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| System Center Operations Manager 2019 | ||
| System Center Operations Manager 2022 | ||
| System Center Operations Manager 2025 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8.8 High
CVSS3
Связанные уязвимости
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
Уязвимость программы для управления и мониторинга ИТ-сервисов Microsoft System Center Operations Manager (SCOM), связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю повысить свои привилегии
EPSS
8.8 High
CVSS3