
CVE-2023-36043: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Microsoft System Center Operations Manager (SCOM) 2022

Severity: Medium
Tags: Vulnerability, CVE-2023-36043, cve, cwe-200
Published: Tue Nov 14 2023 (11/14/2023, 17:57:12 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: System Center Operations Manager (SCOM) 2022

Description

Open Management Infrastructure Information Disclosure Vulnerability

AI-Powered Analysis

Last updated: 06/25/2025, 04:35:22 UTC

Technical Analysis

CVE-2023-36043 is a vulnerability in Microsoft System Center Operations Manager (SCOM) 2022, specifically version 10.22.0. It is classified under CWE-200, exposure of sensitive information to an unauthorized actor, and stems from an information disclosure flaw in the Open Management Infrastructure component of SCOM. The flaw allows an attacker who already holds low privileges on the host to read sensitive data that should otherwise be protected, without any user interaction. The CVSS v3.1 base score is 6.5, a medium severity rating. The vector (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) indicates that the attack requires local access (AV:L), low attack complexity (AC:L) and low privileges (PR:L), but no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability affects resources beyond the vulnerable component itself. The impact on confidentiality is high (C:H), while integrity and availability are unaffected (I:N/A:N). At the time of writing the vulnerability is published with no known exploits in the wild and no patches publicly linked; while it is recognized and documented, active exploitation has not been observed, and mitigation may rely on forthcoming patches or configuration changes.

Potential Impact

For European organizations, exposure of sensitive information through SCOM 2022 can have significant operational and compliance implications. SCOM is widely used to monitor and manage IT infrastructure, including critical systems in finance, healthcare, manufacturing and government. Unauthorized disclosure of monitoring data could leak internal network configurations, system statuses or other operational details that adversaries could use for further attacks or espionage. Given the medium severity and the requirement for local access with low privileges, insider threats or attackers who have gained a limited foothold could exploit this vulnerability to expand their knowledge of the environment without raising immediate alarms. This could undermine confidentiality and potentially violate GDPR and other data protection regulations if personal or sensitive data is exposed. The absence of integrity and availability impact reduces the risk of direct service disruption but does not diminish the risk of information leakage enabling secondary attacks. Organizations relying heavily on SCOM for infrastructure monitoring should treat this vulnerability as a moderate risk requiring timely attention.

Mitigation Recommendations

1. Restrict local access to SCOM servers strictly to trusted administrators and service accounts, minimizing the number of users with even low privileges on these systems.
2. Implement network segmentation and access controls to limit who can reach SCOM management servers, reducing the attack surface for local access exploitation.
3. Monitor and audit access logs on SCOM servers for unusual or unauthorized access attempts, focusing on low-privilege accounts that might be probing for sensitive information.
4. Apply the principle of least privilege rigorously for all accounts interacting with SCOM, ensuring that no unnecessary permissions are granted.
5. Stay informed on Microsoft’s official security advisories and apply patches or hotfixes as soon as they become available for this vulnerability.
6. Consider deploying additional endpoint detection and response (EDR) tools on SCOM servers to detect anomalous behaviors indicative of exploitation attempts.
7. Review and harden Open Management Infrastructure configurations to disable or restrict unnecessary information exposure where possible.
8. Conduct internal penetration testing or vulnerability assessments focusing on SCOM environments to identify and remediate potential exploitation paths.


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2023-06-20T20:44:39.828Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983bc4522896dcbee4f6

Added to database: 5/21/2025, 9:09:15 AM

Last enriched: 6/25/2025, 4:35:22 AM

Last updated: 7/26/2025, 11:15:38 PM