CVE-2024-21334

CWE-416 — Use After Free4 documents4 sources

Severity

9.8CRITICAL

EPSS

6.9%

top 8.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

4

Microsoft Open Management Infrastructure Microsoft System Center Operations Manager (scom) 2019 Microsoft System Center Operations Manager (scom) 2022 +1 more

Timeline

PublishedMar 12

Description

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5microsoft/open_management_infrastructure16.0 — OMI version 1.8.1-0

▶NVDmicrosoft/open_management_infrastructure< 1.8.1-0

▶CVEListV5microsoft/system_center_operations_manager_(scom)_201910.19.0 — 10.19.1253.0

▶CVEListV5microsoft/system_center_operations_manager_(scom)_202210.22.0 — 10.22.1070.0

▶NVDmicrosoft/system_center_operations_manager2019, 2022+1

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

2

CVEList

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability↗2024-03-12

▶

GHSA

GHSA-75r3-jg89-hhjp: Open Management Infrastructure (OMI) Remote Code Execution Vulnerability↗2024-03-12

▶

📋Vendor Advisories

1

Microsoft

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability↗2024-03-12

▶

CVE-2024-21334 (CRITICAL CVSS 9.8) | Open Management Infrastructure (OMI | cvebase.io