All the vulnerabilites related to Microsoft - Azure Automation
cve-2024-21330
Vulnerability from cvelistv5
Published
2024-03-12 16:57
Modified
2024-08-01 22:20
Summary
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Impacted products
Vendor Product Version
Microsoft System Center Operations Manager (SCOM) 2022 Version: 10.22.0   < 10.22.1070.0
    cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*
Microsoft Azure Automation Version: 1.0.0   < OMS Agent for Linux GA 1.19.0
    cpe:2.3:a:microsoft:azure_automation:-:*:*:*:*:*:*:*
Microsoft Azure Automation Update Management Version: 1.0.0   < OMS Agent for Linux GA v1.19.0
    cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*
Microsoft Azure Sentinel Version: 1.0.0   < OMS Agent for Linux GA v1.19.0
    cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*
Microsoft Container Monitoring Solution Version: 1.0.0   < microsoft-oms-latest with full ID: sha256:855bfeb0
    cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*
Microsoft Azure HDInsight Version: 1.0   < omi-1.8.1-0
    cpe:2.3:a:microsoft:azure_hdinsights:1.5.42.0:*:*:*:*:*:*:*
Microsoft Open Management Infrastructure Version: 16.0   < OMI version 1.8.1-0
    cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*
Microsoft Open Management Infrastructure Version: 1.0.0   < 1.8.1-0
    cpe:2.3:a:microsoft:open_management_suite_agent_for_linux:*:*:*:*:*:*:*:*
Microsoft Azure Security Center Version: 1.0.0   < OMS Agent for Linux GA 1.19.0
    cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*
Microsoft Log Analytics Agent Version: 1.0.0   < OMS Agent for Linux GA v1.19.0
    cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21330",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-12T19:23:30.888206Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:37:56.602Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:20:40.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "System Center Operations Manager (SCOM) 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.19.1253.0",
              "status": "affected",
              "version": "10.19.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "System Center Operations Manager (SCOM) 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.22.1070.0",
              "status": "affected",
              "version": "10.22.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:azure_automation:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Azure Automation",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "OMS Agent for Linux GA 1.19.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Azure Automation Update Management",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "OMS Agent for Linux GA v1.19.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Azure Sentinel",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "OMS Agent for Linux GA v1.19.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Container Monitoring Solution",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "microsoft-oms-latest with full ID: sha256:855bfeb0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:azure_hdinsights:1.5.42.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Azure HDInsight",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "omi-1.8.1-0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Open Management Infrastructure",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "OMI version 1.8.1-0",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:open_management_suite_agent_for_linux:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Open Management Infrastructure",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.8.1-0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Azure Security Center",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "OMS Agent for Linux GA 1.19.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Log Analytics Agent",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "OMS Agent for Linux GA v1.19.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-03-12T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-11T15:09:57.578Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330"
        }
      ],
      "title": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-21330",
    "datePublished": "2024-03-12T16:57:56.930Z",
    "dateReserved": "2023-12-08T22:45:19.370Z",
    "dateUpdated": "2024-08-01T22:20:40.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-42306
Vulnerability from cvelistv5
Published
2021-11-24 01:05
Modified
2024-08-04 03:30
Summary
Azure Active Directory Information Disclosure Vulnerability
Impacted products
Vendor Product Version
Microsoft Azure Active Directory Version: N/A
Microsoft Azure Site Recovery Version: N/A
Microsoft Azure Migrate Version: N/A
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:30:38.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42306"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:azure_automation:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Azure Automation",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "Azure Active Directory",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "Azure Site Recovery",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "Azure Migrate",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2021-11-17T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential\u202f on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.\nAzure AD\u202faddressed this vulnerability by preventing disclosure of any private key\u202fvalues added\u202fto the application.\nMicrosoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.\nFor more details on this issue, please refer to the MSRC Blog Entry.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T14:48:06.584Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42306"
        }
      ],
      "title": "Azure Active Directory Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-42306",
    "datePublished": "2021-11-24T01:05:13",
    "dateReserved": "2021-10-12T00:00:00",
    "dateUpdated": "2024-08-04T03:30:38.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0962
Vulnerability from cvelistv5
Published
2019-07-15 18:56
Modified
2024-08-04 18:06
Severity ?
Summary
An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:06:29.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0962"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Azure Automation",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists in Azure Automation \"RunAs account\" runbooks for users with contributor role, aka \u0027Azure Automation Elevation of Privilege Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-15T18:56:19",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0962"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0962",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Azure Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "N/A"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists in Azure Automation \"RunAs account\" runbooks for users with contributor role, aka \u0027Azure Automation Elevation of Privilege Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0962",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0962"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0962",
    "datePublished": "2019-07-15T18:56:19",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:06:29.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}