Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Applies to: System Center 2019 Operations Manager, System Center 2016 Operations Manager, System Center 2012 R2 Operations Manager


This article describes an issue that is fixed for System Center Operations Manager 2019, 2016 & 2012 R2. This article also contains the installation instructions for this update. For more information, see the following Common Vulnerabilities and Exposures (CVE): 

CVE-2021-41352 | SCOM Information Disclosure Vulnerability

Issue fixed in this update

Insecure Direct Object Reference (IDOR) vulnerability in APM websites that allows users to access any file under Web folder and gain access to the file contents.


To apply this update, you must have below update respectively.

Files that are included in this update

KB5006871-AMD64-WebConsole-<SCOM version>.msp

Installation Instructions

  1. Download the self-extractor from below locations.

    1. Operations Manager 2012 R2 - here.

    2. Operations Manager 2016 - here.

    3. Operations Manager 2019 - here.

  2. Extract the file to a local folder.

  3. Run the extracted MSP (KB5006871-AMD64-WebConsole-<SCOM version>.msp) on the Web Console servers from an elevated command.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!