System Center CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (32 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-43594	1 Microsoft	4 System Center, System Center 2019, System Center 2022 and 1 more	2026-06-09	7.3 High
Microsoft System Center Elevation of Privilege Vulnerability
CVE-2017-8540	1 Microsoft	19 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 16 more	2026-04-22	7.8 High
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
CVE-2026-20967	1 Microsoft	4 System Center Operations Manager, System Center Operations Manager 2019, System Center Operations Manager 2022 and 1 more	2026-04-14	8.8 High
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
CVE-2025-27743	1 Microsoft	20 System Center Data Protection Manager, System Center Data Protection Manager 2019, System Center Data Protection Manager 2022 and 17 more	2026-02-13	7.8 High
Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.
CVE-2021-1647	1 Microsoft	20 Security Essentials, System Center Endpoint Protection, Windows 10 1507 and 17 more	2025-10-30	7.8 High
Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-38649	1 Microsoft	12 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics and 9 more	2025-10-30	7 High
Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38645	1 Microsoft	12 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics and 9 more	2025-10-30	7.8 High
Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2021-38647	1 Microsoft	12 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics and 9 more	2025-10-30	9.8 Critical
Open Management Infrastructure Remote Code Execution Vulnerability
CVE-2021-38648	1 Microsoft	12 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics and 9 more	2025-10-30	7.8 High
Open Management Infrastructure Elevation of Privilege Vulnerability
CVE-2023-36043	1 Microsoft	1 System Center Operations Manager	2025-10-08	6.5 Medium
Open Management Infrastructure Information Disclosure Vulnerability
CVE-2022-33640	1 Microsoft	2 Open Management Infrastructure, System Center Operations Manager	2025-06-05	7.8 High
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2024-21334	1 Microsoft	2 Open Management Infrastructure, System Center Operations Manager	2025-05-03	9.8 Critical
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
CVE-2024-21330	1 Microsoft	8 Azure Automation, Azure Automation Update Management, Azure Security Center and 5 more	2025-05-03	7.8 High
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2017-8537	1 Microsoft	13 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 10 more	2025-04-20	5.5 Medium
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.
CVE-2017-8535	1 Microsoft	13 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 10 more	2025-04-20	5.5 Medium
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
CVE-2017-8536	1 Microsoft	13 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 10 more	2025-04-20	5.5 Medium
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
CVE-2015-2420	1 Microsoft	1 System Center Operations Manager	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager Web Console XSS Vulnerability."
CVE-2013-0009	1 Microsoft	1 System Center Operations Manager	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
CVE-2012-2536	1 Microsoft	2 System Center Configuration Manager, Systems Management Server	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
CVE-2013-0010	1 Microsoft	1 System Center Operations Manager	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.

Page 1 of 2. next last »