This page lists publicly disclosed CVE vulnerabilities affecting microsoft system_center_operations_manager (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-20967 | Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network. | [email protected] | 8.8 | 0.09% | 2026-03-10 | 2026-03-13 |
| CVE-2025-27743 | Untrusted search path in System Center allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 0.84% | 2025-04-08 | 2025-07-10 |
| CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | [email protected] | 9.8 | 9.14% | 2024-03-12 | 2024-11-29 |
| CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | [email protected] | 7.8 | 0.17% | 2024-03-12 | 2024-12-27 |
| CVE-2023-36043 | Open Management Infrastructure Information Disclosure Vulnerability | [email protected] | 6.5 | 0.33% | 2023-11-14 | 2024-11-21 |
| CVE-2022-33640 | System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | [email protected] | 7.8 | 1.23% | 2022-08-09 | 2025-06-05 |
| CVE-2022-29149 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | [email protected] | 7.8 | 0.16% | 2022-06-15 | 2025-01-02 |
| CVE-2021-41352 | SCOM Information Disclosure Vulnerability | [email protected] | 7.5 | 10.57% | 2021-10-13 | 2024-11-21 |
| CVE-2021-38649 KEV | Open Management Infrastructure Elevation of Privilege Vulnerability | [email protected] | 7.0 | 6.73% | 2021-09-15 | 2025-10-30 |
| CVE-2021-38648 KEV | Open Management Infrastructure Elevation of Privilege Vulnerability | [email protected] | 7.8 | 38.22% | 2021-09-15 | 2025-10-30 |
| CVE-2021-38647 KEV | Open Management Infrastructure Remote Code Execution Vulnerability | [email protected] | 9.8 | 94.36% | 2021-09-15 | 2025-10-30 |
| CVE-2021-38645 KEV | Open Management Infrastructure Elevation of Privilege Vulnerability | [email protected] | 7.8 | 11.63% | 2021-09-15 | 2025-10-30 |
| CVE-2021-1728 | System Center Operations Manager Elevation of Privilege Vulnerability | [email protected] | 8.8 | 1.78% | 2021-02-25 | 2024-11-21 |
| CVE-2020-1331 | A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'. | [email protected] | 5.4 | 0.38% | 2020-06-09 | 2024-11-21 |
| CVE-2015-2420 | Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager Web Console XSS Vulnerability." | [email protected] | 4.3 | 12.58% | 2015-08-15 | 2026-05-06 |
| CVE-2013-0010 | Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009. | [email protected] | 4.3 | 24.93% | 2013-01-09 | 2026-04-29 |
| CVE-2013-0009 | Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010. | [email protected] | 4.3 | 24.93% | 2013-01-09 | 2026-04-29 |