System Center Operations Manager

system_center_operations_manager

Vendor: Microsoft • 17 CVEs

CVEs (17)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-20967 1Microsoft 1System Center Operations Manager Mar 13, 2026 Mar 10, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
CVE-2025-27743 1Microsoft 5System Center Data Protection Manager System Center Operations ManagerSystem Center Orchestrator+2 more Jul 10, 2025 Apr 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.
CVE-2024-21334 1Microsoft 2Open Management Infrastructure System Center Operations Manager Nov 29, 2024 Mar 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
CVE-2024-21330 1Microsoft 8Azure Automation Azure Automation Update ManagementAzure Security Center+5 more Dec 27, 2024 Mar 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2023-36043 1Microsoft 1System Center Operations Manager Nov 21, 2024 Nov 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Open Management Infrastructure Information Disclosure Vulnerability
CVE-2022-33640 1Microsoft 2Open Management Infrastructure System Center Operations Manager Jun 5, 2025 Aug 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2022-29149 1Microsoft 10Azure Automation State Configuration Azure Automation Update ManagementAzure Diagnostics+7 more Jan 2, 2025 Jun 15, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2021-41352 1Microsoft 1System Center Operations Manager Nov 21, 2024 Oct 13, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SCOM Information Disclosure Vulnerability
CVE-2021-38649 1Microsoft 10Azure Automation State Configuration Azure Automation Update ManagementAzure Diagnostics (lad)+7 more Oct 30, 2025 Sep 15, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38648 1Microsoft 10Azure Automation State Configuration Azure Automation Update ManagementAzure Diagnostics (lad)+7 more Oct 30, 2025 Sep 15, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38647 1Microsoft 10Azure Automation State Configuration Azure Automation Update ManagementAzure Diagnostics (lad)+7 more Oct 30, 2025 Sep 15, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Open Management Infrastructure Remote Code Execution Vulnerability
CVE-2021-38645 1Microsoft 10Azure Automation State Configuration Azure Automation Update ManagementAzure Diagnostics (lad)+7 more Oct 30, 2025 Sep 15, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-1728 1Microsoft 1System Center Operations Manager Nov 21, 2024 Feb 25, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 System Center Operations Manager Elevation of Privilege Vulnerability
CVE-2020-1331 1Microsoft 1System Center Operations Manager Nov 21, 2024 Jun 9, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnera...Show more A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'.Show less
CVE-2015-2420 1Microsoft 1System Center Operations Manager May 6, 2026 Aug 15, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTM...Show more Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager Web Console XSS Vulnerability."Show less
CVE-2013-0010 1Microsoft 1System Center Operations Manager Apr 29, 2026 Jan 9, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manag...Show more Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.Show less
CVE-2013-0009 1Microsoft 1System Center Operations Manager Apr 29, 2026 Jan 9, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manag...Show more Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.Show less