CVE-2022-29149 - Vulnerability Details

Vendors	Products
Microsoft	Azure Automation State Configuration Azure Automation Update Management Azure Diagnostics Azure Security Center Azure Sentinel Azure Stack Hub Container Monitoring Solution Log Analytics Agent Open Management Infrastructure System Center Operations Manager

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29149
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149

Type	Values Removed	Values Added
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29149

Type	Values Removed	Values Added
Description	Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability	Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Title	Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability	Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Show plain JSON

{"containers": {"cna": {"title": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability", "datePublic": "2022-06-14T07:00:00+00:00", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_automation_state_configuration:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "DSC Agent versions: 2.71.1.33, 3.0.0.7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_automation_update_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "OMS Agent for Linux GA v1.14.13"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:log_analytics_agent:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "OMS Agent for Linux GA v1.14.13"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0.0", "versionEndExcluding": "LAD v4.0.27 and LAD v3.0.137"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:container_monitoring_solution:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "publication"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "OMS Agent for Linux GA v1.14.13"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "OMS Agent for Linux GA v1.14.13"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "OMS Agent for Linux GA v1.14.13"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0", "versionEndExcluding": "OMI Version 1.6.9-1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:*:-:*:*:*:*:*:*", "versionStartIncluding": "10.22.0", "versionEndExcluding": "10.22.1024.0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:*:-:*:*:*:*:*:*", "versionStartIncluding": "10.19.0", "versionEndExcluding": "10.19.1152.0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:*:-:*:*:*:*:*:*", "versionStartIncluding": "7.6.0", "versionEndExcluding": "7.6.1108.0"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Automation State Configuration, DSC Extension", "platforms": ["Unknown"], "versions": [{"version": "2.0.0", "lessThan": "DSC Agent versions: 2.71.1.33, 3.0.0.7", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Azure Automation Update Management", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "OMS Agent for Linux GA v1.14.13", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Log Analytics Agent", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "OMS Agent for Linux GA v1.14.13", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Azure Diagnostics (LAD)", "platforms": ["Unknown"], "versions": [{"version": "3.0.0", "lessThan": "LAD v4.0.27 and LAD v3.0.137", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Container Monitoring Solution", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Azure Security Center", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "OMS Agent for Linux GA v1.14.13", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Azure Sentinel", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "OMS Agent for Linux GA v1.14.13", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Azure Stack Hub", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "OMS Agent for Linux GA v1.14.13", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Open Management Infrastructure", "platforms": ["Unknown"], "versions": [{"version": "16.0", "lessThan": "OMI Version 1.6.9-1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "System Center Operations Manager (SCOM) 2022", "platforms": ["Unknown"], "versions": [{"version": "10.22.0", "lessThan": "10.22.1024.0", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "System Center Operations Manager (SCOM) 2019", "platforms": ["Unknown"], "versions": [{"version": "10.19.0", "lessThan": "10.19.1152.0", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "System Center Operations Manager (SCOM) 2016", "platforms": ["Unknown"], "versions": [{"version": "7.6.0", "lessThan": "7.6.1108.0", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-02T19:03:13.161Z"}, "references": [{"name": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29149"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:10:59.490Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2022-29149", "datePublished": "2022-06-15T21:51:17", "dateReserved": "2022-04-12T00:00:00", "dateUpdated": "2025-01-02T19:03:13.161Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

title : Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability (string)

datePublic : 2022-06-14T07:00:00+00:00 (string)

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:azure_automation_state_configuration:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 2.0.0 (string)

versionEndExcluding : DSC Agent versions: 2.71.1.33, 3.0.0.7 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:azure_automation_update_management:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 1.0.0 (string)

versionEndExcluding : OMS Agent for Linux GA v1.14.13 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:log_analytics_agent:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 1.0.0 (string)

versionEndExcluding : OMS Agent for Linux GA v1.14.13 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 3.0.0 (string)

versionEndExcluding : LAD v4.0.27 and LAD v3.0.137 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:container_monitoring_solution:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 1.0.0 (string)

versionEndExcluding : publication (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 1.0.0 (string)

versionEndExcluding : OMS Agent for Linux GA v1.14.13 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 1.0.0 (string)

versionEndExcluding : OMS Agent for Linux GA v1.14.13 (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 1.0.0 (string)

versionEndExcluding : OMS Agent for Linux GA v1.14.13 (string)

}

8 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 16.0 (string)

versionEndExcluding : OMI Version 1.6.9-1 (string)

}

9 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:system_center_operations_manager:*:-:*:*:*:*:*:* (string)

versionStartIncluding : 10.22.0 (string)

versionEndExcluding : 10.22.1024.0 (string)

}

10 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:system_center_operations_manager:*:-:*:*:*:*:*:* (string)

versionStartIncluding : 10.19.0 (string)

versionEndExcluding : 10.19.1152.0 (string)

}

11 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:system_center_operations_manager:*:-:*:*:*:*:*:* (string)

versionStartIncluding : 7.6.0 (string)

versionEndExcluding : 7.6.1108.0 (string)

}

]

}

]

}

]

affected : [ »

0 : { »

vendor : Microsoft (string)

product : Azure Automation State Configuration, DSC Extension (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 2.0.0 (string)

lessThan : DSC Agent versions: 2.71.1.33, 3.0.0.7 (string)

versionType : custom (string)

status : affected (string)

}

]

}

1 : { »

vendor : Microsoft (string)

product : Azure Automation Update Management (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 1.0.0 (string)

lessThan : OMS Agent for Linux GA v1.14.13 (string)

versionType : custom (string)

status : affected (string)

}

]

}

2 : { »

vendor : Microsoft (string)

product : Log Analytics Agent (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 1.0.0 (string)

lessThan : OMS Agent for Linux GA v1.14.13 (string)

versionType : custom (string)

status : affected (string)

}

]

}

3 : { »

vendor : Microsoft (string)

product : Azure Diagnostics (LAD) (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 3.0.0 (string)

lessThan : LAD v4.0.27 and LAD v3.0.137 (string)

versionType : custom (string)

status : affected (string)

}

]

}

4 : { »

vendor : Microsoft (string)

product : Container Monitoring Solution (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 1.0.0 (string)

lessThan : publication (string)

versionType : custom (string)

status : affected (string)

}

]

}

5 : { »

vendor : Microsoft (string)

product : Azure Security Center (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 1.0.0 (string)

lessThan : OMS Agent for Linux GA v1.14.13 (string)

versionType : custom (string)

status : affected (string)

}

]

}

6 : { »

vendor : Microsoft (string)

product : Azure Sentinel (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 1.0.0 (string)

lessThan : OMS Agent for Linux GA v1.14.13 (string)

versionType : custom (string)

status : affected (string)

}

]

}

7 : { »

vendor : Microsoft (string)

product : Azure Stack Hub (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 1.0.0 (string)

lessThan : OMS Agent for Linux GA v1.14.13 (string)

versionType : custom (string)

status : affected (string)

}

]

}

8 : { »

vendor : Microsoft (string)

product : Open Management Infrastructure (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 16.0 (string)

lessThan : OMI Version 1.6.9-1 (string)

versionType : custom (string)

status : affected (string)

}

]

}

9 : { »

vendor : Microsoft (string)

product : System Center Operations Manager (SCOM) 2022 (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 10.22.0 (string)

lessThan : 10.22.1024.0 (string)

versionType : custom (string)

status : affected (string)

}

]

}

10 : { »

vendor : Microsoft (string)

product : System Center Operations Manager (SCOM) 2019 (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 10.19.0 (string)

lessThan : 10.19.1152.0 (string)

versionType : custom (string)

status : affected (string)

}

]

}

11 : { »

vendor : Microsoft (string)

product : System Center Operations Manager (SCOM) 2016 (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 7.6.0 (string)

lessThan : 7.6.1108.0 (string)

versionType : custom (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

value : Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability (string)

lang : en-US (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Elevation of Privilege (string)

lang : en-US (string)

type : Impact (string)

}

]

}

]

providerMetadata : { »

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

dateUpdated : 2025-01-02T19:03:13.161Z (string)

}

references : [ »

0 : { »

name : Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29149 (string)

}

]

metrics : [ »

0 : { »

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en-US (string)

value : GENERAL (string)

}

]

cvssV3_1 : { »

version : 3.1 (string)

baseSeverity : HIGH (string)

baseScore : 7.8 (number)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T06:10:59.490Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

assignerShortName : microsoft (string)

cveId : CVE-2022-29149 (string)

datePublished : 2022-06-15T21:51:17 (string)

dateReserved : 2022-04-12T00:00:00 (string)

dateUpdated : 2025-01-02T19:03:13.161Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*", "matchCriteriaId": "DEC617A6-F1BC-44DE-A9BB-BECF2E788B0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*", "matchCriteriaId": "23A8B342-E863-4C71-9CE1-FB325FF34829", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FDF9306-CC67-4A45-8FB1-AA18946FCD8D", "versionEndExcluding": "3.0.137", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:*", "matchCriteriaId": "5228AB79-AFF1-4B2D-BB60-62D180F6D83B", "versionEndExcluding": "4.0.27", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "0561E514-5A02-4850-8D52-65A8B4B642B2", "versionEndExcluding": "1.14.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC02B82A-903B-467E-92D7-21573ED88FF8", "versionEndExcluding": "1.14.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*", "matchCriteriaId": "51886A45-029F-40A8-929B-49552FEB5298", "versionEndExcluding": "1.14.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*", "matchCriteriaId": "68A461E8-C834-4F97-98E3-516A191A3BAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDAE892B-324C-45E3-BFA0-C2B7B6939F54", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "73FDDB2A-BA93-47AB-82A3-314638D8A660", "versionEndExcluding": "1.6.9-1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2016:-:*:*:*:*:*:*", "matchCriteriaId": "480C08E8-C868-455C-97FB-68311B523F8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*", "matchCriteriaId": "0BFD64D6-E8BB-4606-8D4C-EAE586CAD791", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*", "matchCriteriaId": "ABD632BE-513E-4581-9C8C-3A13DA1ADF1F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability"}, {"lang": "es", "value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios en Azure Open Management Infrastructure (OMI)"}], "id": "CVE-2022-29149", "lastModified": "2025-01-02T19:16:13.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2022-06-15T22:15:13.220", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DEC617A6-F1BC-44DE-A9BB-BECF2E788B0E (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 23A8B342-E863-4C71-9CE1-FB325FF34829 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9FDF9306-CC67-4A45-8FB1-AA18946FCD8D (string)

versionEndExcluding : 3.0.137 (string)

versionStartIncluding : 3.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:microsoft:azure_diagnostics:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5228AB79-AFF1-4B2D-BB60-62D180F6D83B (string)

versionEndExcluding : 4.0.27 (string)

versionStartIncluding : 4.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:microsoft:azure_security_center:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0561E514-5A02-4850-8D52-65A8B4B642B2 (string)

versionEndExcluding : 1.14.13 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:microsoft:azure_sentinel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CC02B82A-903B-467E-92D7-21573ED88FF8 (string)

versionEndExcluding : 1.14.13 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 51886A45-029F-40A8-929B-49552FEB5298 (string)

versionEndExcluding : 1.14.13 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 68A461E8-C834-4F97-98E3-516A191A3BAA (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:* (string)

matchCriteriaId : FDAE892B-324C-45E3-BFA0-C2B7B6939F54 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 73FDDB2A-BA93-47AB-82A3-314638D8A660 (string)

versionEndExcluding : 1.6.9-1 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:microsoft:system_center_operations_manager:2016:-:*:*:*:*:*:* (string)

matchCriteriaId : 480C08E8-C868-455C-97FB-68311B523F8E (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:* (string)

matchCriteriaId : 0BFD64D6-E8BB-4606-8D4C-EAE586CAD791 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:* (string)

matchCriteriaId : ABD632BE-513E-4581-9C8C-3A13DA1ADF1F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability (string)

}

1 : { »

lang : es (string)

value : Una Vulnerabilidad de Elevación de Privilegios en Azure Open Management Infrastructure (OMI) (string)

}

]

id : CVE-2022-29149 (string)

lastModified : 2025-01-02T19:16:13.227 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : secure@microsoft.com (string)

type : Secondary (string)

}

]

}

published : 2022-06-15T22:15:13.220 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29149 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object