Skip to main content

System Center Operations Manager

17 CVEs product

Monthly

CVE-2026-20967 HIGH PATCH This Week

Privilege escalation in System Center Operations Manager via improper input validation enables authenticated network-based attackers to gain elevated system permissions. An attacker with valid credentials can exploit this weakness to compromise administrative access without user interaction. No patch is currently available for this high-severity vulnerability affecting System Center Operations Manager deployments.

Information Disclosure System Center Operations Manager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-27743 HIGH This Week

Untrusted search path in System Center allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure System Center Data Protection Manager System Center Operations Manager System Center Orchestrator System Center Service Manager +1
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2024-21334 CRITICAL PATCH Act Now

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Open Management Infrastructure System Center Operations Manager
NVD
CVSS 3.1
9.8
EPSS
20.2%
CVE-2024-21330 HIGH This Week

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Azure Automation Azure Automation Update Management Azure Security Center +5
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-36043 MEDIUM PATCH This Month

Open Management Infrastructure Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure System Center Operations Manager
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-33640 HIGH This Week

System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Open Management Infrastructure System Center Operations Manager
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-29149 HIGH PATCH This Week

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Azure Automation State Configuration Azure Automation Update Management Azure Diagnostics Azure Security Center +6
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-41352 HIGH PATCH This Week

SCOM Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure System Center Operations Manager
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2021-38649 HIGH KEV PATCH THREAT This Week

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Azure Automation State Configuration Azure Automation Update Management Azure Diagnostics Lad Azure Open Management Infrastructure +6
NVD
CVSS 3.1
7.0
EPSS
2.0%
CVE-2021-38648 HIGH POC KEV PATCH THREAT Act Now

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Azure Automation State Configuration Azure Automation Update Management Azure Diagnostics Lad Azure Open Management Infrastructure +6
NVD
CVSS 3.1
7.8
EPSS
11.4%
CVE-2021-38647 CRITICAL POC KEV PATCH THREAT Act Now

Open Management Infrastructure Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Azure Automation State Configuration Azure Automation Update Management Azure Diagnostics Lad Azure Open Management Infrastructure +6
NVD
CVSS 3.1
9.8
EPSS
99.7%
CVE-2021-38645 HIGH KEV PATCH THREAT This Week

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Azure Automation State Configuration Azure Automation Update Management Azure Diagnostics Lad Azure Open Management Infrastructure +6
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-1728 HIGH PATCH This Week

System Center Operations Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation System Center Operations Manager
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-1331 MEDIUM PATCH This Month

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass System Center Operations Manager
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2015-2420 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.6%.

XSS Microsoft System Center Operations Manager
NVD
CVSS 2.0
4.3
EPSS
12.6%
CVE-2013-0010 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.9% and no vendor patch available.

Microsoft XSS System Center Operations Manager
NVD
CVSS 2.0
4.3
EPSS
24.9%
CVE-2013-0009 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.9% and no vendor patch available.

Microsoft XSS System Center Operations Manager
NVD
CVSS 2.0
4.3
EPSS
24.9%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in System Center Operations Manager via improper input validation enables authenticated network-based attackers to gain elevated system permissions. An attacker with valid credentials can exploit this weakness to compromise administrative access without user interaction. No patch is currently available for this high-severity vulnerability affecting System Center Operations Manager deployments.

Information Disclosure System Center Operations Manager
NVD VulDB
EPSS 2% CVSS 7.8
HIGH This Week

Untrusted search path in System Center allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure System Center Data Protection Manager System Center Operations Manager +3
NVD
EPSS 20% CVSS 9.8
CRITICAL PATCH Act Now

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Azure Automation +7
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Open Management Infrastructure Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure System Center Operations Manager
NVD
EPSS 1% CVSS 7.8
HIGH This Week

System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Open Management Infrastructure System Center Operations Manager
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Azure Automation State Configuration Azure Automation Update Management +8
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

SCOM Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure System Center Operations Manager
NVD
EPSS 2% CVSS 7.0
HIGH KEV PATCH THREAT This Week

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Azure Automation State Configuration Azure Automation Update Management +8
NVD
EPSS 11% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Azure Automation State Configuration Azure Automation Update Management +8
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Open Management Infrastructure Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Azure Automation State Configuration Azure Automation Update Management +8
NVD
EPSS 2% CVSS 7.8
HIGH KEV PATCH THREAT This Week

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Azure Automation State Configuration Azure Automation Update Management +8
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

System Center Operations Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation System Center Operations Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass System Center Operations Manager
NVD
EPSS 13% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.6%.

XSS Microsoft System Center Operations Manager
NVD
EPSS 25% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.9% and no vendor patch available.

Microsoft XSS System Center Operations Manager
NVD
EPSS 25% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.9% and no vendor patch available.

Microsoft XSS System Center Operations Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy