PT-2013-2060 · Microsoft · System Center Operations Manager

Published

2013-01-09

Updated

2018-10-12

CVE-2013-0009

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Microsoft System Center Operations Manager versions 2007 SP1 and R2

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via crafted input. This can be exploited by sending crafted input to the web console, potentially allowing attackers to execute malicious scripts on the client-side.

Recommendations For Microsoft System Center Operations Manager 2007 SP1, update to a version that includes the fix for this issue. For Microsoft System Center Operations Manager 2007 R2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the web console to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2013-0009

Affected Products

System Center Operations Manager

PT-2013-2060 · Microsoft · System Center Operations Manager

CVE-2013-0009

Weakness Enumeration

Related Identifiers

Affected Products

References · 4