What versions of OMI are affected?
OMI versions v1.7.1-0 and below are affected.
How do the updates address the vulnerability?
The update disables logging of the credentials in the trace file and deletes the existing trace files that may have credentials logged.
Is there any action customers need to take?
In addition to updating their affected versions of SCOM, customers are encouraged to reset their privileged account passwords.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
An attacker who successfully exploits this vulnerability could affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component could be different from the impacted component and are managed by different security authorities.
What type of information could be disclosed by this vulnerability?
Successful exploitation of this vulnerability could allow an attacker to access credentials of privileged accounts stored in trace logs on the machine being monitored by SCOM.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker be an authenticated user with read access to the trace file on the machine being monitored with SCOM and OMI installed.
More details about the CVE can be found here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36043
What versions of OMI are affected?
OMI versions v1.7.1-0 and below are affected.
How do the updates address the vulnerability?
The update disables logging of the credentials in the trace file and deletes the existing trace files that may have credentials logged.
Is there any action customers need to take?
In addition to updating their affected versions of SCOM, customers are encouraged to reset their privileged account passwords.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
An attacker who successfully exploits this vulnerability could affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component could be different from the impacted component and are managed by different security authorities.
What type of information could be disclosed by this vulnerability?
Successful exploitation of this vulnerability could allow an attacker to access credentials of privileged accounts stored in trace logs on the machine being monitored by SCOM.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker be an authenticated user with read access to the trace file on the machine being monitored with SCOM and OMI installed.
More details about the CVE can be found here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36043