Applies to: System Center 2019 Operations Manager, System Center 2016 Operations Manager, System Center 2012 R2 Operations Manager
Introduction
This article describes an issue that is fixed for System Center Operations Manager 2019, 2016 & 2012 R2. This article also contains the installation instructions for this update. For more information, see the following Common Vulnerabilities and Exposures (CVE):
Issue fixed in this update
Insecure Direct Object Reference (IDOR) vulnerability in APM websites that allows users to access any file under Web folder and gain access to the file contents.
Prerequisites
To apply this update, you must have below update respectively.
Files that are included in this update
KB5006871-AMD64-WebConsole-<SCOM version>.msp
Installation Instructions
-
Download the self-extractor from below locations.
-
Extract the file to a local folder.
-
Run the extracted MSP (KB5006871-AMD64-WebConsole-<SCOM version>.msp) on the Web Console servers from an elevated command.