Lucene search
K
MicrosoftConfiguration Manager 2503

6 matches found

CVE
CVE
added 2024/10/08 5:35 p.m.457 views

CVE-2024-43468

CVE-2024-43468 is an unauthenticated SQL injection vulnerability in Microsoft Configuration Manager (ConfigMgr / SCCM) that can lead to remote code execution. Public exploit scripts (e.g., from Synacktiv) demonstrate SQL injections against the site database with MP_Location service that processes...

9.8CVSS9.6AI score0.60661EPSS
In wildWeb
CVE
CVE
added 2025/07/08 4:57 p.m.93 views

CVE-2025-47178

CVE-2025-47178 is a Microsoft Configuration Manager remote code execution vulnerability caused by improper neutralization of SQL input (SQL injection). The flaw could enable an authorized attacker with low privileges to execute arbitrary code on an adjacent network, potentially affecting Microsof...

8CVSS7AI score0.0204EPSS
CVE
CVE
added 2025/10/14 5:1 p.m.42 views

CVE-2025-59213

The CVE-2025-59213 issue affects Microsoft Endpoint Configuration Manager / Configuration Manager (System Center Configuration Manager). The vulnerability is described as improper neutralization of special elements used in an SQL command (SQL injection) that can allow an attacker to elevate privi...

8.8CVSS8.3AI score0.00336EPSS
CVE
CVE
added 2025/10/31 4:45 p.m.32 views

CVE-2025-59501

CVE-2025-59501 is a confirmed spoofing/authentication-bypass vulnerability in Microsoft Configuration Manager (aka Configuration Manager/Endpoint Configuration Manager). Descriptions across Red Hat, NVD, and Microsoft-related sources indicate an attacker with adjacent access could spoof identity ...

4.8CVSS6.4AI score0.03038EPSS
CVE
CVE
added 2025/11/11 5:59 p.m.23 views

CVE-2025-47179

Summary : CVE-2025-47179 is an elevation-of-privilege vulnerability in Microsoft Configuration Manager (aka Microsoft Endpoint/Configuration Manager). The issue arises from improper access control, enabling an authorized attacker to elevate privileges locally. The provided documents indicate a lo...

6.7CVSS5.4AI score0.0034EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.20 views

CVE-2025-55320

The CVE-2025-55320 case is a SQL injection–based Elevation of Privilege vulnerability in Microsoft Endpoint Configuration Manager / Configuration Manager. The issue arises from improper neutralization of special elements in SQL commands, enabling an authorized attacker to elevate privileges on a ...

6.8CVSS6.4AI score0.00622EPSS