System Center Configuration Manager
by Microsoft
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2536 | 0.04 | — | 0.44 | Sep 11, 2012 | Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability." | |||
| CVE-2025-47179 | 0.00 | — | 0.00 | Nov 11, 2025 | Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-59501 | 0.00 | — | 0.00 | Oct 31, 2025 | Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network. | |||
| CVE-2025-59213 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network. | |||
| CVE-2025-55320 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network. | |||
| CVE-2025-47178 | 0.00 | — | 0.01 | Jul 8, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network. |
- CVE-2012-2536Sep 11, 2012risk 0.04cvss —epss 0.44
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
- CVE-2025-47179Nov 11, 2025risk 0.00cvss —epss 0.00
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
- CVE-2025-59501Oct 31, 2025risk 0.00cvss —epss 0.00
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
- CVE-2025-59213Oct 14, 2025risk 0.00cvss —epss 0.00
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.
- CVE-2025-55320Oct 14, 2025risk 0.00cvss —epss 0.00
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.
- CVE-2025-47178Jul 8, 2025risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.