Cross-Site Scripting Vulnerability in Microsoft System Center Operations Manager
CVE-2015-2420

Currently unrated

Key Information:

Vendor: Microsoft
Status: System Center Operations Manager
Vendor: CVE Published:; 15 August 2015

What is CVE-2015-2420?

This vulnerability in Microsoft System Center 2012 Operations Manager Web Console allows remote attackers to exploit an XSS flaw by injecting arbitrary web scripts or HTML through crafted URLs. Affected versions include those prior to specific rollups, making it critical for users of the software to implement the necessary updates to mitigate potential security risks.

References

http://www.securitytracker.com/id/1033245

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

12% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2015
Vulnerability Reserved
Mar 19, 2015