cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21330,https://securityvulnerability.io/vulnerability/CVE-2024-21330,Elevation of Privilege Vulnerability Affects Open Management Infrastructure,"The Open Management Infrastructure (OMI) contains an elevation of privilege vulnerability that can be exploited by an authenticated attacker to gain elevated permissions on the affected system. Successfully exploiting this vulnerability allows the attacker to perform actions with higher privileges, potentially compromising the integrity and availability of the system. Users should ensure that they are running the latest version of OMI to mitigate the risks associated with this vulnerability. For further details, refer to the Microsoft Security Response Center.",Microsoft,"System Center Operations Manager (scom) 2019,System Center Operations Manager (scom) 2022,Azure Automation,Azure Automation Update Management,Azure Sentinel,Container Monitoring Solution,Azure Hdinsight,Open Management Infrastructure,Azure Security Center,Log Analytics Agent",7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2024-03-12T16:57:56.930Z,0
CVE-2022-29149,https://securityvulnerability.io/vulnerability/CVE-2022-29149,Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability,Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability,Microsoft,"Azure Automation State Configuration, Dsc Extension,Azure Automation Update Management,Log Analytics Agent,Azure Diagnostics (lad),Container Monitoring Solution,Azure Security Center,Azure Sentinel,Azure Stack Hub,Open Management Infrastructure,System Center Operations Manager (scom) 2022,System Center Operations Manager (scom) 2019,System Center Operations Manager (scom) 2016",7.8,HIGH,0.0006699999794363976,false,false,false,false,,false,false,2022-06-15T21:51:17.000Z,0
CVE-2021-42306,https://securityvulnerability.io/vulnerability/CVE-2021-42306,Azure Active Directory Information Disclosure Vulnerability,"An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential  on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.
Azure AD addressed this vulnerability by preventing disclosure of any private key values added to the application.
Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.
For more details on this issue, please refer to the MSRC Blog Entry.
",Microsoft,"Azure Automation,Azure Active Directory,Azure Site Recovery,Azure Migrate",8.1,HIGH,0.006870000157505274,false,false,false,false,,false,false,2021-11-24T01:05:13.000Z,0
CVE-2021-38649,https://securityvulnerability.io/vulnerability/CVE-2021-38649,Open Management Infrastructure Elevation of Privilege Vulnerability,Open Management Infrastructure Elevation of Privilege Vulnerability,Microsoft,"Open Management Infrastructure,System Center Operations Manager (scom),Azure Automation State Configuration, Dsc Extension,Azure Automation Update Management,Log Analytics Agent,Azure Diagnostics (lad),Container Monitoring Solution,Azure Security Center,Azure Sentinel,Azure Stack Hub",7,HIGH,0.000590000010561198,true,false,false,true,,false,false,2021-09-15T11:24:09.000Z,0
CVE-2021-38648,https://securityvulnerability.io/vulnerability/CVE-2021-38648,Open Management Infrastructure Elevation of Privilege Vulnerability,Open Management Infrastructure Elevation of Privilege Vulnerability,Microsoft,"Open Management Infrastructure,System Center Operations Manager (scom),Azure Automation State Configuration, Dsc Extension,Azure Automation Update Management,Log Analytics Agent,Azure Diagnostics (lad),Container Monitoring Solution,Azure Security Center,Azure Sentinel,Azure Stack Hub",7.8,HIGH,0.9582399725914001,true,false,false,true,,false,false,2021-09-15T11:24:08.000Z,0
CVE-2021-38647,https://securityvulnerability.io/vulnerability/CVE-2021-38647,Open Management Infrastructure Remote Code Execution Vulnerability,Open Management Infrastructure Remote Code Execution Vulnerability,Microsoft,"Open Management Infrastructure,System Center Operations Manager (scom),Azure Automation State Configuration, Dsc Extension,Azure Automation Update Management,Log Analytics Agent,Azure Diagnostics (lad),Container Monitoring Solution,Azure Security Center,Azure Sentinel,Azure Stack Hub",9.8,CRITICAL,0.9731600284576416,true,false,true,true,true,false,false,2021-09-15T11:24:07.000Z,0
CVE-2021-38645,https://securityvulnerability.io/vulnerability/CVE-2021-38645,Open Management Infrastructure Elevation of Privilege Vulnerability,Open Management Infrastructure Elevation of Privilege Vulnerability,Microsoft,"Open Management Infrastructure,System Center Operations Manager (scom),Azure Automation State Configuration, Dsc Extension,Azure Automation Update Management,Log Analytics Agent,Azure Diagnostics (lad),Container Monitoring Solution,Azure Security Center,Azure Sentinel,Azure Stack Hub",7.8,HIGH,0.000590000010561198,true,false,false,true,,false,false,2021-09-15T11:24:05.000Z,0
CVE-2019-0962,https://securityvulnerability.io/vulnerability/CVE-2019-0962,,"An elevation of privilege vulnerability exists in Azure Automation ""RunAs account"" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'.",Microsoft,Azure Automation,4.9,MEDIUM,0.001129999989643693,false,false,false,false,,false,false,2019-07-15T18:56:19.000Z,0