Configuration Manager
by Microsoft
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-43468 | Cri | 0.81 | 9.8 | 0.61 | KEV | Oct 8, 2024 | Microsoft Configuration Manager Remote Code Execution Vulnerability | |
| CVE-2025-59213 | Hig | 0.57 | 8.8 | 0.00 | Oct 14, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network. | ||
| CVE-2025-47178 | Hig | 0.52 | 8.0 | 0.02 | Jul 8, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network. | ||
| CVE-2025-47179 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55320 | Med | 0.44 | 6.8 | 0.01 | Oct 14, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network. | ||
| CVE-2025-59501 | Med | 0.31 | 4.8 | 0.03 | Oct 31, 2025 | Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network. |
- risk 0.81cvss 9.8epss 0.61
Microsoft Configuration Manager Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.00
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.
- risk 0.52cvss 8.0epss 0.02
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
- risk 0.44cvss 6.7epss 0.00
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
- risk 0.44cvss 6.8epss 0.01
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.
- risk 0.31cvss 4.8epss 0.03
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.