Endpoint Configuration Manager
by Microsoft
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-43468 | 0.19 | — | 0.61 | KEV | Oct 8, 2024 | Microsoft Configuration Manager Remote Code Execution Vulnerability | ||
| CVE-2022-37972 | 0.01 | — | 0.01 | Sep 20, 2022 | Microsoft Endpoint Configuration Manager Spoofing Vulnerability | |||
| CVE-2025-47179 | 0.00 | — | 0.00 | Nov 11, 2025 | Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59501 | 0.00 | — | 0.03 | Oct 31, 2025 | Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network. | |||
| CVE-2025-59213 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network. | |||
| CVE-2025-55320 | 0.00 | — | 0.01 | Oct 14, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network. | |||
| CVE-2025-47178 | 0.00 | — | 0.02 | Jul 8, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network. | |||
| CVE-2022-24527 | 0.00 | — | 0.01 | Apr 15, 2022 | Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability |
- risk 0.19cvss —epss 0.61
Microsoft Configuration Manager Remote Code Execution Vulnerability
- CVE-2022-37972Sep 20, 2022risk 0.01cvss —epss 0.01
Microsoft Endpoint Configuration Manager Spoofing Vulnerability
- CVE-2025-47179Nov 11, 2025risk 0.00cvss —epss 0.00
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
- CVE-2025-59501Oct 31, 2025risk 0.00cvss —epss 0.03
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
- CVE-2025-59213Oct 14, 2025risk 0.00cvss —epss 0.00
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.
- CVE-2025-55320Oct 14, 2025risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.
- CVE-2025-47178Jul 8, 2025risk 0.00cvss —epss 0.02
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
- CVE-2022-24527Apr 15, 2022risk 0.00cvss —epss 0.01
Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability