Microsoft released a security update for SCOM versions 2019 – 2016 – 2012R2 for the Web Console component.

A vulnerability was found in the APM Websites connected to the SCOM Web Console that could lead to file access. The fix KB5006871 closes this vulnerability.

The prerequisites before applying this patch is that you are on the latest Update Rollup for the relevant SCOM version. SCOM2019 UR3+ , SCOM 2016 UR10+, SCOM 2012R2 UR14.

You can download the patch from the link below and apply it to your SCOM Web console servers.

Update for IDOR vulnerability in System Center Operations Manager (KB5006871)

Stay safe and healthy!