MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)

medium Nessus Plugin ID 63421

Synopsis

A web application hosted on the remote Windows system has multiple cross-site scripting vulnerabilities.

Description

The version of System Center Operations Manager installed on the remote host has multiple reflected cross-site scripting vulnerabilities in the Web Console component. An attacker could exploit this by tricking a user into requesting a specially crafted URL, resulting in arbitrary script code execution.

Solution

Microsoft has released a set of patches for System Center Operations Manager 2007 and 2007 R2.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-003

Plugin Details

Severity: Medium

ID: 63421

File Name: smb_nt_ms13-003.nasl

Version: 1.13

Type: local

Agent: windows

Published: 1/9/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:system_center_operations_manager

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 1/8/2013

Vulnerability Publication Date: 1/8/2013

Reference Information

CVE: CVE-2013-0009, CVE-2013-0010

BID: 55401, 55408

IAVB: 2013-B-0002

MSFT: MS13-003

MSKB: 2783850, 2809182