KLA12297
Multiple vulnerabilities in Microsoft System Center

Обновлено: 16/05/2023

Дата обнаружения	14/09/2021
Уровень угрозы	Critical
Описание	Multiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: A remote code execution vulnerability in Open Management Infrastructure can be exploited remotely to execute arbitrary code. An elevation of privilege vulnerability in Open Management Infrastructure can be exploited remotely to gain privileges.
Эксплуатация	The following public exploits exists for this vulnerability: https://github.com/goofsec/omigod Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Пораженные продукты	Azure Diagnostics (LAD) Azure Security Center System Center Operations Manager (SCOM) Container Monitoring Solution Azure Open Management Infrastructure Azure Stack Hub Azure Automation State Configuration, DSC Extension Azure Sentinel Log Analytics Agent Azure Automation Update Management
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	CVE-2021-38647 CVE-2021-38648 CVE-2021-38649 CVE-2021-38645
Оказываемое влияние ?	ACE [?] DoS [?] PE [?]
Связанные продукты	Microsoft System Center Operations Manager Microsoft Azure
CVE-IDS	CVE-2021-386455.0Critical CVE-2021-386495.0Critical CVE-2021-386477.5Critical CVE-2021-386484.6Warning

KLA12297Multiple vulnerabilities in Microsoft System Center

KLA12297
Multiple vulnerabilities in Microsoft System Center