Microsoft System Center Operations Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft System Center Operations Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2026-20967 — CVSS 8.8 (high): Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
CVE-2020-1331 — CVSS 5.4 (medium): A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to…
CVE-2013-0009 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject…
CVE-2015-2420 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and…
CVE-2013-0010 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject…