CVE-2021-41352: SCOM Information Disclosure Vulnerability

Overview

Severity

High (CVSS 7.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Category

Information Disclosure

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2021-Oct

Released

2021-10-12

EPSS Score

10.57% (percentile: 93.3%)

FAQ

In what instances do I need to install the security update for this vulnerability? This vulnerability only affects machines that have the SCOM web console installed. SCOM web console server machines should have this update installed to be protected from the vulnerability. Do I need to install the update if my machine is not set up as a web console server? No. Customers whose machines are not SCOM web console server machines do not need to install this update. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.

Affected Products (3)

System Center

• System Center 2016 Operations Manager
• System Center 2019 Operations Manager
• System Center 2012 R2 Operations Manager

Security Updates (1)

• 5006871

Revision History

• 2021-10-12: Information published.