CVE-2022-29149

Published: Jun 15, 2022Modified: Jan 2, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: secure@microsoft.com (Secondary)

Description

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Affected (13)

Products: Microsoft: Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics, Azure Security Center, Azure Sentinel, Azure Stack Hub, Container Monitoring Solution, Log Analytics Agent, Open Management Infrastructure, System Center Operations Manager

10 products

Azure Automation State Configuration

Azure Automation Update Management

Azure Diagnostics

Azure Security Center

Azure Stack Hub

Container Monitoring Solution

Log Analytics Agent

Open Management Infrastructure

System Center Operations Manager

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Microsoft Azure Automation State Configuration	All versions
Microsoft Azure Automation Update Management	All versions
Microsoft Azure Diagnostics	From 3.0 to 3.0.137
Microsoft Azure Diagnostics	From 4.0 to 4.0.27
Microsoft Azure Security Center	Before 1.14.13
Microsoft Azure Sentinel	Before 1.14.13
Microsoft Azure Stack Hub	Before 1.14.13
Microsoft Container Monitoring Solution	All versions
Microsoft Log Analytics Agent	All versions
Microsoft Open Management Infrastructure	Before 1.6.9-1
Microsoft System Center Operations Manager	Version 2016
Microsoft System Center Operations Manager	Version 2019
Microsoft System Center Operations Manager	Version 2022

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29149

Source: secure@microsoft.com

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.