cbcvebase.
CVE-2022-29149
published 2022-06-15

CVE-2022-29149: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

PriorityP339high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.91%
55.5th percentile
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Affected

32 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftazure_automation_update_management>= 1.0.0 < OMS Agent for Linux GA v1.14.13OMS Agent for Linux GA v1.14.13
microsoftazure_diagnostics>= 3.0 < 3.0.1373.0.137
microsoftazure_diagnostics>= 3.0.0 < LAD v4.0.27 and LAD v3.0.137LAD v4.0.27 and LAD v3.0.137
microsoftazure_diagnostics>= 4.0 < 4.0.274.0.27
microsoftazure_security_center< 1.14.131.14.13
microsoftazure_security_center>= 1.0.0 < OMS Agent for Linux GA v1.14.13OMS Agent for Linux GA v1.14.13
microsoftazure_sentinel< 1.14.131.14.13
microsoftazure_sentinel>= 1.0.0 < OMS Agent for Linux GA v1.14.13OMS Agent for Linux GA v1.14.13
microsoftazure_stack_hub< 1.14.131.14.13
microsoftazure_stack_hub>= 1.0.0 < OMS Agent for Linux GA v1.14.13OMS Agent for Linux GA v1.14.13
microsoftcontainer_monitoring_solution>= 1.0.0 < publicationpublication
microsoftlog_analytics_agent>= 1.0.0 < OMS Agent for Linux GA v1.14.13OMS Agent for Linux GA v1.14.13
microsoftopen_management_infrastructure< 1.6.9-11.6.9-1
microsoftopen_management_infrastructure>= 16.0 < OMI Version 1.6.9-1OMI Version 1.6.9-1
microsoftsystem_center_operations_manager
microsoftsystem_center_operations_manager
microsoftsystem_center_operations_manager
microsoftsystem_center_operations_manager_2016>= 7.6.0 < 7.6.1108.07.6.1108.0
microsoftsystem_center_operations_manager_2019>= 10.19.0 < 10.19.1152.010.19.1152.0
microsoftsystem_center_operations_manager_2022>= 10.22.0 < 10.22.1024.010.22.1024.0
msrcazure_automation_state_configuration_dsc_extension
msrcazure_automation_update_management
msrcazure_diagnostics
msrcazure_security_center
msrcazure_sentinel

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.