CVE-2026-20967

Published: Mar 10, 2026Modified: Mar 13, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: secure@microsoft.com

Description

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.

Products: Microsoft: System Center Operations Manager

1 product

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Microsoft System Center Operations Manager	Version 2019
Microsoft System Center Operations Manager	Version 2019 update_rollup_1
Microsoft System Center Operations Manager	Version 2019 update_rollup_1_hotfix
Microsoft System Center Operations Manager	Version 2019 update_rollup_2
Microsoft System Center Operations Manager	Version 2019 update_rollup_2_hotfix
Microsoft System Center Operations Manager	Version 2019 update_rollup_3
Microsoft System Center Operations Manager	Version 2019 update_rollup_3_hotfix
Microsoft System Center Operations Manager	Version 2019 update_rollup_4
Microsoft System Center Operations Manager	Version 2019 update_rollup_4_hotfix
Microsoft System Center Operations Manager	Version 2019 update_rollup_5
Microsoft System Center Operations Manager	Version 2019 update_rollup_5_hotfix
Microsoft System Center Operations Manager	Version 2019 update_rollup_6
Microsoft System Center Operations Manager	Version 2022
Microsoft System Center Operations Manager	Version 2022 update_rollup_1
Microsoft System Center Operations Manager	Version 2022 update_rollup_1_hotfix
Microsoft System Center Operations Manager	Version 2022 update_rollup_2
Microsoft System Center Operations Manager	Version 2022 update_rollup_2_hotfix
Microsoft System Center Operations Manager	Version 2022 update_rollup_3
Microsoft System Center Operations Manager	Version 2025
Microsoft System Center Operations Manager	Version 2025 update_rollup_1

Source: secure@microsoft.com

Vendor Advisory

No history available yet.