CVE-2015-2420

Published Aug 15, 2015

Last updated 6 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager Web Console XSS Vulnerability."
Source: secure@microsoft.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2_rollup1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF7B60DC-85FE-486E-8815-D05077AF7C76"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2_rollup2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7526AA88-03BF-45A6-B912-6AB1AF059E89"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2_rollup3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED89918B-0A13-4A3A-BAB5-C51C06DF77C8"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2_rollup4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47A12CF8-4423-4530-BDB1-51D2F65F1DA7"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2_rollup5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEFAB9F6-9611-4F34-9117-B61906820FAD"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:r2_rollup6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFDC4AFA-4FE5-40E4-9CFA-4C3751EEB8BA"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCCBA3BB-ED58-4D37-BC70-CF821F067E9A"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E755D999-B40B-4EFA-8CA7-EA2182624ED0"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37A2B6C4-2DE8-4CE5-A703-FB5D67089BAD"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C044AE4B-37E9-448A-BD25-E9B651EAD31C"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB31F255-27C7-4A59-B3CA-6985E8DE71E6"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14704081-238A-472F-9331-CFD12D53DFD7"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:rollup7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E333602-8854-41A3-B24E-0FC081E2A6E3"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C33979D2-AADF-41F6-8ABA-402C37DEBFC6"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35DED3F2-0CD4-43F5-9AFB-D1010C7D5B4B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "836FB293-2F5D-40B4-9B15-A9147CE3CBA7"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20CDACCA-04F0-49E9-87A2-813BC38FEFA1"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08901616-DEAB-4FA8-B41B-9DA85900DB3B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0A73D2B-035F-4052-AAFE-0CDA2C01EF2D"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F99CD3B-7E82-4EFA-A47B-2F93AD827C26"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E052BA8-F494-4915-8B38-88840DA407D1"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2012:sp1_rollup9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19A815B9-25D5-4D71-AB8E-036AF540D933"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References