CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1728 – System Center Operations Manager Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1728
System Center Operations Manager Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios de System Center Operations Manager • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1728 • CWE-269: Improper Privilege Management •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-1331
https://notcve.org/view.php?id=CVE-2020-1331
A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'. Se presenta una vulnerabilidad de suplantación de identidad cuando System Center Operations Manager (SCOM) no sanea apropiadamente una petición web especialmente diseñada para una instancia SCOM afectada, también se conoce como "System Center Operations Manager Spoofing Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1331 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2015-2420
https://notcve.org/view.php?id=CVE-2015-2420
Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager Web Console XSS Vulnerability." Vulnerabilidad de XSS en Microsoft System Center 2012 Operations Manager Gold en versiones anteriores a Rollup 8, SP1 en versiones anteriores a Rollup 10 y R2 en versiones anteriores a Rollup 7, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocido como 'System Center Operations Manager Web Console XSS Vulnerability.' • http://www.securitytracker.com/id/1033245 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-086 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 25%CPEs: 2EXPL: 0CVE-2013-0009
https://notcve.org/view.php?id=CVE-2013-0009
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Microsoft System Center Operations Manager 2007 SP1 y R2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la entrada manipulada, también conocido como "System Center Operations Manager Web Console XSS Vulnerability", una vulnerabilidad diferente a CVE-2013-0010. • http://www.us-cert.gov/cas/techalerts/TA13-008A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15760 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 25%CPEs: 2EXPL: 0CVE-2013-0010
https://notcve.org/view.php?id=CVE-2013-0010
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Microsoft System Center Operations Manager 2007 SP1 y R2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la entrada manipulada, también conocido como "System Center Operations Manager Web Console XSS Vulnerability", una vulnerabilidad diferente a CVE-2013-0009. • http://www.us-cert.gov/cas/techalerts/TA13-008A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •