System Center Operations Manager
by Microsoft
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-38647 | 0.29 | — | 1.00 | KEV | Sep 15, 2021 | Open Management Infrastructure Remote Code Execution Vulnerability | ||
| CVE-2021-38648 | 0.18 | — | 0.11 | KEV | Sep 15, 2021 | Open Management Infrastructure Elevation of Privilege Vulnerability | ||
| CVE-2021-38649 | 0.13 | — | 0.02 | KEV | Sep 15, 2021 | Open Management Infrastructure Elevation of Privilege Vulnerability | ||
| CVE-2021-38645 | 0.13 | — | 0.02 | KEV | Sep 15, 2021 | Open Management Infrastructure Elevation of Privilege Vulnerability | ||
| CVE-2024-21334 | 0.01 | — | 0.20 | Mar 12, 2024 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | |||
| CVE-2021-41352 | 0.01 | — | 0.03 | Oct 13, 2021 | SCOM Information Disclosure Vulnerability | |||
| CVE-2015-2420 | 0.01 | — | 0.09 | Aug 15, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager… | |||
| CVE-2013-0010 | 0.01 | — | 0.17 | Jan 9, 2013 | Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different… | |||
| CVE-2013-0009 | 0.01 | — | 0.14 | Jan 9, 2013 | Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different… | |||
| CVE-2026-20967 | 0.00 | — | 0.01 | Mar 10, 2026 | Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2025-27743 | 0.00 | — | 0.01 | Apr 8, 2025 | Untrusted search path in System Center allows an authorized attacker to elevate privileges locally. | |||
| CVE-2024-21330 | 0.00 | — | 0.01 | Mar 12, 2024 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | |||
| CVE-2023-36043 | 0.00 | — | 0.01 | Nov 14, 2023 | Open Management Infrastructure Information Disclosure Vulnerability | |||
| CVE-2022-33640 | 0.00 | — | 0.01 | Aug 9, 2022 | System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | |||
| CVE-2022-29149 | 0.00 | — | 0.01 | Jun 15, 2022 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | |||
| CVE-2021-1728 | 0.00 | — | 0.02 | Feb 25, 2021 | System Center Operations Manager Elevation of Privilege Vulnerability | |||
| CVE-2020-1331 | 0.00 | — | 0.01 | Jun 9, 2020 | A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'. |
- risk 0.29cvss —epss 1.00
Open Management Infrastructure Remote Code Execution Vulnerability
- risk 0.18cvss —epss 0.11
Open Management Infrastructure Elevation of Privilege Vulnerability
- risk 0.13cvss —epss 0.02
Open Management Infrastructure Elevation of Privilege Vulnerability
- risk 0.13cvss —epss 0.02
Open Management Infrastructure Elevation of Privilege Vulnerability
- CVE-2024-21334Mar 12, 2024risk 0.01cvss —epss 0.20
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
- CVE-2021-41352Oct 13, 2021risk 0.01cvss —epss 0.03
SCOM Information Disclosure Vulnerability
- CVE-2015-2420Aug 15, 2015risk 0.01cvss —epss 0.09
Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager…
- CVE-2013-0010Jan 9, 2013risk 0.01cvss —epss 0.17
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different…
- CVE-2013-0009Jan 9, 2013risk 0.01cvss —epss 0.14
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different…
- CVE-2026-20967Mar 10, 2026risk 0.00cvss —epss 0.01
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
- CVE-2025-27743Apr 8, 2025risk 0.00cvss —epss 0.01
Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.
- CVE-2024-21330Mar 12, 2024risk 0.00cvss —epss 0.01
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
- CVE-2023-36043Nov 14, 2023risk 0.00cvss —epss 0.01
Open Management Infrastructure Information Disclosure Vulnerability
- CVE-2022-33640Aug 9, 2022risk 0.00cvss —epss 0.01
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
- CVE-2022-29149Jun 15, 2022risk 0.00cvss —epss 0.01
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
- CVE-2021-1728Feb 25, 2021risk 0.00cvss —epss 0.02
System Center Operations Manager Elevation of Privilege Vulnerability
- CVE-2020-1331Jun 9, 2020risk 0.00cvss —epss 0.01
A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'.