Vulnerabilites related to microsoft - azure_stack_hub
CVE-2021-38648 (GCVE-0-2021-38648)
Vulnerability from cvelistv5
Published
2021-09-15 11:24
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Open Management Infrastructure Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Open Management Infrastructure |
Version: 16.0 < OMI Version 1.6.8-1 cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:18.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38648",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T18:10:24.645431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38648"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:59.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-38648 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Open Management Infrastructure",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMI Version 1.6.8-1",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "System Center Operations Manager (SCOM)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMI version: 1.6.8-1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Automation State Configuration, DSC Extension",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "DSC Agent versions: 2.71.1.25, 2.70.0.30, 3.0.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Automation Update Management",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Log Analytics Agent",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Diagnostics (LAD)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "LAD v4.0.13 and LAD v3.0.135",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Container Monitoring Solution",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Security Center",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Sentinel",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Monitor, Update and Config Mgmnt 1.14.01",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
},
{
"lessThan": "3.1.135",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-14T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Open Management Infrastructure Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:37:20.542Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html"
}
],
"title": "Open Management Infrastructure Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-38648",
"datePublished": "2021-09-15T11:24:08.000Z",
"dateReserved": "2021-08-13T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:37:59.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38201 (GCVE-0-2024-38201)
Vulnerability from cvelistv5
Published
2024-08-13 17:29
Modified
2025-07-10 16:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Azure Stack Hub Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Azure Stack Hub |
Version: 1.0.0 < 1.2311.1.22 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T17:56:41.394011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T18:11:08.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2311.1.22",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2311.1.22",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-08-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Stack Hub Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T16:33:07.749Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Stack Hub Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38201"
}
],
"title": "Azure Stack Hub Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-38201",
"datePublished": "2024-08-13T17:29:55.880Z",
"dateReserved": "2024-06-11T22:36:08.221Z",
"dateUpdated": "2025-07-10T16:33:07.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53793 (GCVE-0-2025-53793)
Vulnerability from cvelistv5
Published
2025-08-12 17:10
Modified
2025-08-21 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Azure Stack Hub 2408 |
Version: 1.0.0 < 1.2408.1.50 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T20:12:13.160717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T20:12:29.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub 2408",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2408.1.50",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub 2406",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2406.1.23",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub 2501",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2501.1.47",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub_2408:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2408.1.50",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub_2406:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2406.1.23",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub_2501:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2501.1.47",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-08-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T19:50:36.331Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Stack Hub Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53793"
}
],
"title": "Azure Stack Hub Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-53793",
"datePublished": "2025-08-12T17:10:43.520Z",
"dateReserved": "2025-07-09T13:40:07.625Z",
"dateUpdated": "2025-08-21T19:50:36.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38216 (GCVE-0-2024-38216)
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Azure Stack Hub Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Azure Stack Hub |
Version: 1.0.0 < 1.2406.1.15 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:04:04.555603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:04:16.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2406.1.15",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2406.1.15",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-09-10T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Stack Hub Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T23:02:48.153Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Stack Hub Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38216"
}
],
"title": "Azure Stack Hub Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-38216",
"datePublished": "2024-09-10T16:53:41.902Z",
"dateReserved": "2024-06-11T22:36:08.224Z",
"dateUpdated": "2024-12-31T23:02:48.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38108 (GCVE-0-2024-38108)
Vulnerability from cvelistv5
Published
2024-08-13 17:29
Modified
2025-07-10 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Azure Stack Hub Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Azure Stack Hub |
Version: 1.0.0 < 1.2311.1.22 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T20:20:02.361036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T20:20:15.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2311.1.22",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2311.1.22",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-08-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Stack Hub Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T16:32:57.038Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Stack Hub Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38108"
}
],
"title": "Azure Stack Hub Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-38108",
"datePublished": "2024-08-13T17:29:45.168Z",
"dateReserved": "2024-06-11T22:36:08.188Z",
"dateUpdated": "2025-07-10T16:32:57.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53765 (GCVE-0-2025-53765)
Vulnerability from cvelistv5
Published
2025-08-12 17:10
Modified
2025-08-21 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Summary
Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Azure Stack Hub |
Version: 1.0.0 < 102.10.2.11 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:58:40.510895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:58:51.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "102.10.2.11",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "102.10.2.11",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-08-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T19:50:29.592Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Stack Hub Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53765"
}
],
"title": "Azure Stack Hub Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-53765",
"datePublished": "2025-08-12T17:10:37.127Z",
"dateReserved": "2025-07-09T13:25:25.500Z",
"dateUpdated": "2025-08-21T19:50:29.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38647 (GCVE-0-2021-38647)
Vulnerability from cvelistv5
Published
2021-09-15 11:24
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
Open Management Infrastructure Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Open Management Infrastructure |
Version: 16.0 < OMI Version 1.6.8-1 cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:18.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38647",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:45:47.017000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38647"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:59.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-38647 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Open Management Infrastructure",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMI Version 1.6.8-1",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "System Center Operations Manager (SCOM)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMI version: 1.6.8-1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Automation State Configuration, DSC Extension",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "DSC Agent versions: 2.71.1.25, 2.70.0.30, 3.0.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Automation Update Management",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Log Analytics Agent",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Diagnostics (LAD)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "LAD v4.0.13 and LAD v3.0.135",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Container Monitoring Solution",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Security Center",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Sentinel",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Monitor, Update and Config Mgmnt 1.14.01",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
},
{
"lessThan": "3.1.135",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-14T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Open Management Infrastructure Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:37:20.007Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html"
}
],
"title": "Open Management Infrastructure Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-38647",
"datePublished": "2021-09-15T11:24:07.000Z",
"dateReserved": "2021-08-13T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:37:59.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38645 (GCVE-0-2021-38645)
Vulnerability from cvelistv5
Published
2021-09-15 11:24
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Open Management Infrastructure Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Open Management Infrastructure |
Version: 16.0 < OMI Version 1.6.8-1 cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:18.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38645"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38645",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T15:43:58.641391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38645"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:59.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-38645 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Open Management Infrastructure",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMI Version 1.6.8-1",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "System Center Operations Manager (SCOM)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMI version: 1.6.8-1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Automation State Configuration, DSC Extension",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "DSC Agent versions: 2.71.1.25, 2.70.0.30, 3.0.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Automation Update Management",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Log Analytics Agent",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Diagnostics (LAD)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "LAD v4.0.13 and LAD v3.0.135",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Container Monitoring Solution",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Security Center",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Sentinel",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Monitor, Update and Config Mgmnt 1.14.01",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
},
{
"lessThan": "3.1.135",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-14T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Open Management Infrastructure Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:37:19.506Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38645"
}
],
"title": "Open Management Infrastructure Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-38645",
"datePublished": "2021-09-15T11:24:05.000Z",
"dateReserved": "2021-08-13T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:37:59.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38220 (GCVE-0-2024-38220)
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Azure Stack Hub Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Azure Stack Hub |
Version: 1.0.0 < 1.2406.1.15 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:03:22.950049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:03:30.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2406.1.15",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2406.1.15",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-09-10T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Stack Hub Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T23:02:48.728Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Stack Hub Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38220"
}
],
"title": "Azure Stack Hub Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-38220",
"datePublished": "2024-09-10T16:53:42.438Z",
"dateReserved": "2024-06-11T22:36:08.224Z",
"dateUpdated": "2024-12-31T23:02:48.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20679 (GCVE-0-2024-20679)
Vulnerability from cvelistv5
Published
2024-02-13 18:02
Modified
2025-05-03 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Azure Stack Hub Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Azure Stack Hub |
Version: 1.0.0 < 1.2311.1.22 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T16:32:30.868468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T19:39:27.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure Stack Hub Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2311.1.22",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2311.1.22",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-02-13T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Stack Hub Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:37:24.701Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Stack Hub Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
}
],
"title": "Azure Stack Hub Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-20679",
"datePublished": "2024-02-13T18:02:26.447Z",
"dateReserved": "2023-11-28T22:58:12.117Z",
"dateUpdated": "2025-05-03T01:37:24.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38649 (GCVE-0-2021-38649)
Vulnerability from cvelistv5
Published
2021-09-15 11:24
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Open Management Infrastructure Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Open Management Infrastructure |
Version: 16.0 < OMI Version 1.6.8-1 cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:19.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38649"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38649",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T18:09:12.228704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38649"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:59.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-38649 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Open Management Infrastructure",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMI Version 1.6.8-1",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "System Center Operations Manager (SCOM)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMI version: 1.6.8-1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Automation State Configuration, DSC Extension",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "DSC Agent versions: 2.71.1.25, 2.70.0.30, 3.0.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Automation Update Management",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Log Analytics Agent",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Diagnostics (LAD)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "LAD v4.0.13 and LAD v3.0.135",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Container Monitoring Solution",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Security Center",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Sentinel",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.13.40-0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Monitor, Update and Config Mgmnt 1.14.01",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
},
{
"lessThan": "3.1.135",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-14T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Open Management Infrastructure Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:37:21.066Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38649"
}
],
"title": "Open Management Infrastructure Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-38649",
"datePublished": "2021-09-15T11:24:09.000Z",
"dateReserved": "2021-08-13T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:37:59.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29149 (GCVE-0-2022-29149)
Vulnerability from cvelistv5
Published
2022-06-15 21:51
Modified
2025-01-02 19:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Azure Automation State Configuration, DSC Extension |
Version: 2.0.0 < DSC Agent versions: 2.71.1.33, 3.0.0.7 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:59.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Automation State Configuration, DSC Extension",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "DSC Agent versions: 2.71.1.33, 3.0.0.7",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Automation Update Management",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.14.13",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Log Analytics Agent",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.14.13",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Diagnostics (LAD)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "LAD v4.0.27 and LAD v3.0.137",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Container Monitoring Solution",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Security Center",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.14.13",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Sentinel",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.14.13",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMS Agent for Linux GA v1.14.13",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Open Management Infrastructure",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "OMI Version 1.6.9-1",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "System Center Operations Manager (SCOM) 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.22.1024.0",
"status": "affected",
"version": "10.22.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "System Center Operations Manager (SCOM) 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.19.1152.0",
"status": "affected",
"version": "10.19.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "System Center Operations Manager (SCOM) 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.6.1108.0",
"status": "affected",
"version": "7.6.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_automation_state_configuration:*:*:*:*:*:*:*:*",
"versionEndExcluding": "DSC Agent versions: 2.71.1.33, 3.0.0.7",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_automation_update_management:*:*:*:*:*:*:*:*",
"versionEndExcluding": "OMS Agent for Linux GA v1.14.13",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:log_analytics_agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "OMS Agent for Linux GA v1.14.13",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*",
"versionEndExcluding": "LAD v4.0.27 and LAD v3.0.137",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:container_monitoring_solution:*:*:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*",
"versionEndExcluding": "OMS Agent for Linux GA v1.14.13",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "OMS Agent for Linux GA v1.14.13",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "OMS Agent for Linux GA v1.14.13",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "OMI Version 1.6.9-1",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:*:-:*:*:*:*:*:*",
"versionEndExcluding": "10.22.1024.0",
"versionStartIncluding": "10.22.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:*:-:*:*:*:*:*:*",
"versionEndExcluding": "10.19.1152.0",
"versionStartIncluding": "10.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.6.1108.0",
"versionStartIncluding": "7.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-06-14T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T19:03:13.161Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29149"
}
],
"title": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-29149",
"datePublished": "2022-06-15T21:51:17",
"dateReserved": "2022-04-12T00:00:00",
"dateUpdated": "2025-01-02T19:03:13.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-06-15 22:15
Modified
2025-01-02 19:16
Severity ?
Summary
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC617A6-F1BC-44DE-A9BB-BECF2E788B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A8B342-E863-4C71-9CE1-FB325FF34829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDF9306-CC67-4A45-8FB1-AA18946FCD8D",
"versionEndExcluding": "3.0.137",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5228AB79-AFF1-4B2D-BB60-62D180F6D83B",
"versionEndExcluding": "4.0.27",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0561E514-5A02-4850-8D52-65A8B4B642B2",
"versionEndExcluding": "1.14.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC02B82A-903B-467E-92D7-21573ED88FF8",
"versionEndExcluding": "1.14.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51886A45-029F-40A8-929B-49552FEB5298",
"versionEndExcluding": "1.14.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68A461E8-C834-4F97-98E3-516A191A3BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAE892B-324C-45E3-BFA0-C2B7B6939F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FDDB2A-BA93-47AB-82A3-314638D8A660",
"versionEndExcluding": "1.6.9-1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2016:-:*:*:*:*:*:*",
"matchCriteriaId": "480C08E8-C868-455C-97FB-68311B523F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "0BFD64D6-E8BB-4606-8D4C-EAE586CAD791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*",
"matchCriteriaId": "ABD632BE-513E-4581-9C8C-3A13DA1ADF1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios en Azure Open Management Infrastructure (OMI)"
}
],
"id": "CVE-2022-29149",
"lastModified": "2025-01-02T19:16:13.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2022-06-15T22:15:13.220",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-12 18:15
Modified
2025-08-18 15:25
Severity ?
Summary
Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53793 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | azure_stack_hub | * | |
| microsoft | azure_stack_hub | * | |
| microsoft | azure_stack_hub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "288F9C53-DD62-4927-80B0-C1A0583F3F11",
"versionEndExcluding": "1.2406.1.23",
"versionStartIncluding": "1.2406.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C022B0FB-BE3D-4DF9-965E-8EC987A3A53D",
"versionEndExcluding": "1.2408.1.50",
"versionStartIncluding": "1.2408.0.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4E5C18-0981-4418-A573-6C9D74A0E733",
"versionEndExcluding": "1.2501.1.47",
"versionStartIncluding": "1.2501.0.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network."
},
{
"lang": "es",
"value": "La autenticaci\u00f3n incorrecta en Azure Stack permite que un atacante no autorizado divulgue informaci\u00f3n a trav\u00e9s de una red."
}
],
"id": "CVE-2025-53793",
"lastModified": "2025-08-18T15:25:08.893",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-08-12T18:15:47.427",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53793"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-15 12:15
Modified
2025-03-07 21:58
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Open Management Infrastructure Elevation of Privilege Vulnerability
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html | Exploit, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648 | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC617A6-F1BC-44DE-A9BB-BECF2E788B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A8B342-E863-4C71-9CE1-FB325FF34829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_diagnostics_\\(lad\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC51D6-F6F3-45D8-91E7-6EDD01C0273E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_open_management_infrastructure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8477F336-71BB-4C49-A4EB-E1BC1EFF2F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1626DA-5B19-4291-B840-633EF458984C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B80F8C3B-BEF9-43D5-9455-6C6F608CF519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B457DA44-AD83-4E5C-B180-8A227462EC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68A461E8-C834-4F97-98E3-516A191A3BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAE892B-324C-45E3-BFA0-C2B7B6939F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79983385-D5FE-4F76-924C-A2AA7E5BAAE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Management Infrastructure Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios en Open Management Infrastructure. Este ID CVE es \u00fanico desde CVE-2021-38645, CVE-2021-38649"
}
],
"id": "CVE-2021-38648",
"lastModified": "2025-03-07T21:58:29.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-09-15T12:15:15.147",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-15 12:15
Modified
2025-03-07 21:24
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Open Management Infrastructure Elevation of Privilege Vulnerability
References
Impacted products
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC617A6-F1BC-44DE-A9BB-BECF2E788B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A8B342-E863-4C71-9CE1-FB325FF34829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_diagnostics_\\(lad\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC51D6-F6F3-45D8-91E7-6EDD01C0273E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_open_management_infrastructure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8477F336-71BB-4C49-A4EB-E1BC1EFF2F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1626DA-5B19-4291-B840-633EF458984C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B80F8C3B-BEF9-43D5-9455-6C6F608CF519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B457DA44-AD83-4E5C-B180-8A227462EC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68A461E8-C834-4F97-98E3-516A191A3BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAE892B-324C-45E3-BFA0-C2B7B6939F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79983385-D5FE-4F76-924C-A2AA7E5BAAE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Management Infrastructure Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios en Open Management Infrastructure. Este CVE ID es diferente de CVE-2021-38648, CVE-2021-38649"
}
],
"id": "CVE-2021-38645",
"lastModified": "2025-03-07T21:24:02.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-09-15T12:15:14.967",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38645"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-12 18:15
Modified
2025-08-18 15:21
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53765 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | azure_app_service_on_azure_stack | * | |
| microsoft | azure_stack_hub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_app_service_on_azure_stack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D76A5B83-3D29-4C88-B747-12881EB2020C",
"versionEndExcluding": "102.10.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEE9E34-FE45-43E2-BB61-075F9B9DF83D",
"versionEndExcluding": "1.2311.1.22",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally."
},
{
"lang": "es",
"value": "La exposici\u00f3n de informaci\u00f3n personal privada a un actor no autorizado en Azure Stack permite que un atacante autorizado divulgue informaci\u00f3n localmente."
}
],
"id": "CVE-2025-53765",
"lastModified": "2025-08-18T15:21:18.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-12T18:15:45.250",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53765"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-359"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-15 20:30
Severity ?
Summary
Azure Stack Hub Elevation of Privilege Vulnerability
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38201 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | azure_stack_hub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEE9E34-FE45-43E2-BB61-075F9B9DF83D",
"versionEndExcluding": "1.2311.1.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure Stack Hub Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Azure Stack Hub"
}
],
"id": "CVE-2024-38201",
"lastModified": "2024-08-15T20:30:00.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:29.953",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38201"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-17 17:00
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
Azure Stack Hub Elevation of Privilege Vulnerability
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38216 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | azure_stack_hub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEE9E34-FE45-43E2-BB61-075F9B9DF83D",
"versionEndExcluding": "1.2311.1.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure Stack Hub Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Azure Stack Hub"
}
],
"id": "CVE-2024-38216",
"lastModified": "2024-09-17T17:00:29.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:24.427",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38216"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:52
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Azure Stack Hub Spoofing Vulnerability
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | azure_stack_hub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEE9E34-FE45-43E2-BB61-075F9B9DF83D",
"versionEndExcluding": "1.2311.1.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure Stack Hub Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Azure Stack Hub"
}
],
"id": "CVE-2024-20679",
"lastModified": "2024-11-21T08:52:54.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:47.723",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-15 12:15
Modified
2025-03-07 21:58
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Open Management Infrastructure Remote Code Execution Vulnerability
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html | Exploit, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647 | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC617A6-F1BC-44DE-A9BB-BECF2E788B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A8B342-E863-4C71-9CE1-FB325FF34829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_diagnostics_\\(lad\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC51D6-F6F3-45D8-91E7-6EDD01C0273E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_open_management_infrastructure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8477F336-71BB-4C49-A4EB-E1BC1EFF2F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1626DA-5B19-4291-B840-633EF458984C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B80F8C3B-BEF9-43D5-9455-6C6F608CF519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B457DA44-AD83-4E5C-B180-8A227462EC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68A461E8-C834-4F97-98E3-516A191A3BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAE892B-324C-45E3-BFA0-C2B7B6939F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79983385-D5FE-4F76-924C-A2AA7E5BAAE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Management Infrastructure Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Una Vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota de Open Management Infrastructure"
}
],
"id": "CVE-2021-38647",
"lastModified": "2025-03-07T21:58:09.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-09-15T12:15:15.090",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164694/Microsoft-OMI-Management-Interface-Authentication-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38647"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-15 12:15
Modified
2025-03-07 21:58
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Open Management Infrastructure Elevation of Privilege Vulnerability
References
Impacted products
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC617A6-F1BC-44DE-A9BB-BECF2E788B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A8B342-E863-4C71-9CE1-FB325FF34829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_diagnostics_\\(lad\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC51D6-F6F3-45D8-91E7-6EDD01C0273E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_open_management_infrastructure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8477F336-71BB-4C49-A4EB-E1BC1EFF2F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1626DA-5B19-4291-B840-633EF458984C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B80F8C3B-BEF9-43D5-9455-6C6F608CF519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B457DA44-AD83-4E5C-B180-8A227462EC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68A461E8-C834-4F97-98E3-516A191A3BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAE892B-324C-45E3-BFA0-C2B7B6939F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79983385-D5FE-4F76-924C-A2AA7E5BAAE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Management Infrastructure Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios en Open Management Infrastructure. Este CVE ID es diferente de CVE-2021-38645, CVE-2021-38648"
}
],
"id": "CVE-2021-38649",
"lastModified": "2025-03-07T21:58:41.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-09-15T12:15:15.203",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38649"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-17 16:59
Severity ?
Summary
Azure Stack Hub Elevation of Privilege Vulnerability
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38220 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | azure_stack_hub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEE9E34-FE45-43E2-BB61-075F9B9DF83D",
"versionEndExcluding": "1.2311.1.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure Stack Hub Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Azure Stack Hub"
}
],
"id": "CVE-2024-38220",
"lastModified": "2024-09-17T16:59:37.167",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:24.867",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38220"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 20:38
Severity ?
Summary
Azure Stack Hub Spoofing Vulnerability
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38108 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | azure_stack_hub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEE9E34-FE45-43E2-BB61-075F9B9DF83D",
"versionEndExcluding": "1.2311.1.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure Stack Hub Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Azure Stack Hub"
}
],
"id": "CVE-2024-38108",
"lastModified": "2024-08-16T20:38:43.893",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:11.240",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38108"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}