All the vulnerabilites related to Microsoft - Microsoft System Center 2019
cve-2024-43594
Vulnerability from cvelistv5
Published
2024-12-10 17:49
Modified
2025-01-08 18:53
Impacted products
Vendor Product Version
Microsoft Microsoft System Center 2019 Version: 10.19.10050.0   < 10.19.10050.0
Microsoft Microsoft System Center 2025 Version: 10.25.10132.0   < 10.25.10132.0
Show details on NVD website


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-43594",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-07T00:00:00+00:00",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-08T04:55:51.454Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               platforms: [
                  "Unknown",
               ],
               product: "Microsoft System Center 2022",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "10.22.10118.0",
                     status: "affected",
                     version: "10.22.10118.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "Unknown",
               ],
               product: "Microsoft System Center 2019",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "10.19.10050.0",
                     status: "affected",
                     version: "10.19.10050.0",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "Unknown",
               ],
               product: "Microsoft System Center 2025",
               vendor: "Microsoft",
               versions: [
                  {
                     lessThan: "10.25.10132.0",
                     status: "affected",
                     version: "10.25.10132.0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         cpeApplicability: [
            {
               nodes: [
                  {
                     cpeMatch: [
                        {
                           criteria: "cpe:2.3:a:microsoft:system_center:*:-:*:*:*:*:*:*",
                           versionEndExcluding: "10.22.10118.0",
                           versionStartIncluding: "10.22.10118.0",
                           vulnerable: true,
                        },
                        {
                           criteria: "cpe:2.3:a:microsoft:system_center:*:-:*:*:*:*:*:*",
                           versionEndExcluding: "10.19.10050.0",
                           versionStartIncluding: "10.19.10050.0",
                           vulnerable: true,
                        },
                        {
                           criteria: "cpe:2.3:a:microsoft:system_center:*:-:*:*:*:*:*:*",
                           versionEndExcluding: "10.25.10132.0",
                           versionStartIncluding: "10.25.10132.0",
                           vulnerable: true,
                        },
                     ],
                     negate: false,
                     operator: "OR",
                  },
               ],
            },
         ],
         datePublic: "2024-12-10T08:00:00+00:00",
         descriptions: [
            {
               lang: "en-US",
               value: "Microsoft System Center Elevation of Privilege Vulnerability",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en-US",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "CWE-284: Improper Access Control",
                     lang: "en-US",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-08T18:53:43.894Z",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               name: "Microsoft System Center Elevation of Privilege Vulnerability",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43594",
            },
         ],
         title: "Microsoft System Center Elevation of Privilege Vulnerability",
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2024-43594",
      datePublished: "2024-12-10T17:49:04.001Z",
      dateReserved: "2024-08-14T01:08:33.549Z",
      dateUpdated: "2025-01-08T18:53:43.894Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}