Cyber Resilience

CVE-2024-21330

High

Published: 12 March 2024

Modified: 27 December 2024
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0017 (37.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-21330 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft System Center Operations Manager. Its CVSS base score is 7.8 (High).

Operationally, it ranks at the 37.5th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
microsoft | azure automation | all versions
microsoft | azure automation update management | all versions
microsoft | azure security center | all versions
microsoft | azure sentinel | all versions
microsoft | container monitoring solution | all versions
microsoft | log analytics agent | all versions
microsoft | operations management suite agent for linux | ≤ 1.8.1-0
microsoft | system center operations manager | 2019, 2022

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References