{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "System Center Operations Manager (SCOM) 2022 versions ant\u00e9rieures \u00e0 10.22.10684.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "System Center Operations Manager (SCOM) 2019 versions ant\u00e9rieures \u00e0 10.19.10652.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "System Center Operations Manager (SCOM) 2025 versions ant\u00e9rieures \u00e0 10.25.10132.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10416.20026",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5478.1000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft/Muzic versions ant\u00e9rieures \u00e0 196.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.17928.20290",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Defender pour Endpoint pour Android versions ant\u00e9rieures \u00e0 1.0.7128.0101",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-43594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43594"
    },
    {
      "name": "CVE-2024-49068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49068"
    },
    {
      "name": "CVE-2024-49070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49070"
    },
    {
      "name": "CVE-2024-49065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49065"
    },
    {
      "name": "CVE-2024-49062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49062"
    },
    {
      "name": "CVE-2024-49064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49064"
    },
    {
      "name": "CVE-2024-49063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49063"
    },
    {
      "name": "CVE-2024-49057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49057"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-1070",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49065",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49065"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49070",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49070"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-43594",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43594"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49062",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49062"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49064",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49064"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49057",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49057"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49063",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49063"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49068",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49068"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "System Center Operations Manager (SCOM) 2022 versions ant\u00e9rieures \u00e0 10.22.10684.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "System Center Operations Manager (SCOM) 2019 versions ant\u00e9rieures \u00e0 10.19.10652.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "System Center Operations Manager (SCOM) 2025 versions ant\u00e9rieures \u00e0 10.25.10132.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10416.20026",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5478.1000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft/Muzic versions ant\u00e9rieures \u00e0 196.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.17928.20290",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Defender pour Endpoint pour Android versions ant\u00e9rieures \u00e0 1.0.7128.0101",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-43594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43594"
    },
    {
      "name": "CVE-2024-49068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49068"
    },
    {
      "name": "CVE-2024-49070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49070"
    },
    {
      "name": "CVE-2024-49065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49065"
    },
    {
      "name": "CVE-2024-49062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49062"
    },
    {
      "name": "CVE-2024-49064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49064"
    },
    {
      "name": "CVE-2024-49063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49063"
    },
    {
      "name": "CVE-2024-49057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49057"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-1070",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49065",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49065"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49070",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49070"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-43594",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43594"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49062",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49062"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49064",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49064"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49057",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49057"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49063",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49063"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49068",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49068"
    }
  ]
}

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "2019 \u0434\u043e 10.19.10652.0 (System Center Operations Manager (SCOM)), 2022 \u0434\u043e 10.22.10684.0 (System Center Operations Manager (SCOM)), 2025 \u0434\u043e 10.25.10132.0 (System Center Operations Manager (SCOM))",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43594",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.12.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "12.12.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.12.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-11074",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-43594",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "System Center Operations Manager (SCOM)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0418\u0422-\u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 Microsoft System Center Operations Manager (SCOM), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0418\u0422-\u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 Microsoft System Center Operations Manager (SCOM) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43594",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)"
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EF01F8D-9558-4C2D-9919-0EA6A16DE01C",
              "versionEndExcluding": "10.19.10050.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AECCD6DC-ABD4-4419-A04F-ACC05F200387",
              "versionEndExcluding": "10.22.10118.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_2025:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0582488-77DD-4D70-A486-103E26507079",
              "versionEndExcluding": "10.25.10132.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft System Center Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en System Center Operations Manager"
    }
  ],
  "id": "CVE-2024-43594",
  "lastModified": "2025-01-08T12:38:56.207",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-12T02:00:54.287",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43594"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2024-43594"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-12T02:00:54Z",
    "severity": "HIGH"
  },
  "details": "System Center Operations Manager Elevation of Privilege Vulnerability",
  "id": "GHSA-7rqg-87vg-jf87",
  "modified": "2024-12-12T03:33:03Z",
  "published": "2024-12-12T03:33:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43594"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43594"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "R4nger \u0026amp; Zhiniang Peng"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2024-43594 Microsoft System Center Elevation of Privilege Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43594"
      },
      {
        "category": "self",
        "summary": "CVE-2024-43594 Microsoft System Center Elevation of Privilege Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2024/msrc_cve-2024-43594.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft System Center Elevation of Privilege Vulnerability",
    "tracking": {
      "current_release_date": "2025-01-07T08:00:00.000Z",
      "generator": {
        "date": "2025-05-13T15:25:05.184Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2024-43594",
      "initial_release_date": "2024-12-10T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-12-10T08:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2024-12-18T08:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Corrected CVE title and Vulnerability Family to specify System Center as the affected product line. Corrected Fixed Build Numbers and Download links in the Security Updates table. Added FAQs explaining which customers are affected and the mitigation actions required. This is an informational change only."
        },
        {
          "date": "2024-12-19T08:00:00.000Z",
          "legacy_version": "2",
          "number": "3",
          "summary": "Revised the Security Updates table to specify Microsoft System Center is affected by CVE-2024-43594. Customers running affected versions of Microsoft System Center must delete the existing installer setup files (.exe) and then download the latest version of their  Microsoft System Center product to mitigate the vulnerability."
        },
        {
          "date": "2025-01-07T08:00:00.000Z",
          "legacy_version": "2.1",
          "number": "4",
          "summary": "Fixed a typo in the FAQ."
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.22.10118.0",
            "product": {
              "name": "Microsoft System Center 2022 \u003c10.22.10118.0",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "10.22.10118.0",
            "product": {
              "name": "Microsoft System Center 2022 10.22.10118.0",
              "product_id": "12461"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft System Center 2022"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.19.10050.0",
            "product": {
              "name": "Microsoft System Center 2019 \u003c10.19.10050.0",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "10.19.10050.0",
            "product": {
              "name": "Microsoft System Center 2019 10.19.10050.0",
              "product_id": "12462"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft System Center 2019"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.25.10132.0",
            "product": {
              "name": "Microsoft System Center 2025 \u003c10.25.10132.0",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "10.25.10132.0",
            "product": {
              "name": "Microsoft System Center 2025 10.25.10132.0",
              "product_id": "12460"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft System Center 2025"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-43594",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "An attacker who successfully exploited this vulnerability could gain administrator privileges.",
          "title": "What privileges could be gained by an attacker who successfully exploited the vulnerability?"
        },
        {
          "category": "faq",
          "text": "Successful exploitation of this vulnerability requires an attacker to have access to the location where the target file will be run. They would then need to plant a specific file that would be used as part of the exploitation.",
          "title": "According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Successful exploitation requires the victim to install an affected version of the product which would trigger the vulnerability.",
          "title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
        },
        {
          "category": "faq",
          "text": "This vulnerability affects all products under Microsoft System Center. A full list can be found in the following product documentation: Microsoft System Center documentation",
          "title": "What Microsoft System Center Products are affected by this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Only customers who re-use existing System Center installer files (.exe) files to deploy new instances in their environment are affected by this vulnerability. Customers performing installations in this manner must delete the existing installer setup files (.exe) and then download the latest version of their System Center product linked in the Security Updates table of this CVE to mitigate the vulnerability.\nCustomers who download new versions of the setup files (.exe) for new deployments are not affected and do not need to perform an action to mitigate the vulnerability.",
          "title": "What actions do customers need to take to protect themselves from this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "12460",
          "12461",
          "12462"
        ],
        "known_affected": [
          "1",
          "2",
          "3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-43594 Microsoft System Center Elevation of Privilege Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43594"
        },
        {
          "category": "self",
          "summary": "CVE-2024-43594 Microsoft System Center Elevation of Privilege Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2024/msrc_cve-2024-43594.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-12-10T08:00:00.000Z",
          "details": "10.22.10118.0:Security Update:https://go.microsoft.com/fwlink/p/?linkid=2197142",
          "product_ids": [
            "2"
          ],
          "url": "https://go.microsoft.com/fwlink/p/?linkid=2197142"
        },
        {
          "category": "vendor_fix",
          "date": "2024-12-10T08:00:00.000Z",
          "details": "10.19.10050.0:Security Update:https://go.microsoft.com/fwlink/?linkid=2225269",
          "product_ids": [
            "1"
          ],
          "url": "https://go.microsoft.com/fwlink/?linkid=2225269"
        },
        {
          "category": "vendor_fix",
          "date": "2024-12-10T08:00:00.000Z",
          "details": "10.25.10132.0:Security Update:https://go.microsoft.com/fwlink/?linkid=2197142",
          "product_ids": [
            "3"
          ],
          "url": "https://go.microsoft.com/fwlink/?linkid=2197142"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.4,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Elevation of Privilege"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft System Center Elevation of Privilege Vulnerability"
    }
  ]
}