CVE-2023-36043

CWE-200 — Information Exposure CWE-668 — Exposure to Wrong Sphere4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 44.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

4

Microsoft System Center Operations Manager (scom) 2016 Microsoft System Center Operations Manager (scom) 2019 Microsoft System Center Operations Manager (scom) 2022 +1 more

Timeline

PublishedNov 14

Description

Open Management Infrastructure Information Disclosure Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

▶CVEListV5microsoft/system_center_operations_manager_(scom)_20167.6.0 — 1.7.3-0

▶CVEListV5microsoft/system_center_operations_manager_(scom)_201910.19.0 — 1.7.3-0

▶CVEListV5microsoft/system_center_operations_manager_(scom)_202210.22.0 — 1.7.3-0

▶NVDmicrosoft/system_center_operations_manager2016, 2019, 2022+2

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-7523-xcc2-m3rm: Open Management Infrastructure Information Disclosure Vulnerability↗2023-11-14

▶

CVEList

Open Management Infrastructure Information Disclosure Vulnerability↗2023-11-14

▶

📋Vendor Advisories

1

Microsoft

Open Management Infrastructure Information Disclosure Vulnerability↗2023-11-14

▶

CVE-2023-36043 (MEDIUM CVSS 6.5) | Open Management Infrastructure Info | cvebase.io