FKIE_CVE-2026-20967

Vulnerability from fkie_nvd - Published: 2026-03-10 18:18 - Updated: 2026-03-13 17:11
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20967Vendor Advisory
Impacted products
Vendor Product Version
microsoft system_center_operations_manager 2019
microsoft system_center_operations_manager 2019
microsoft system_center_operations_manager 2019
microsoft system_center_operations_manager 2019
microsoft system_center_operations_manager 2019
microsoft system_center_operations_manager 2019
microsoft system_center_operations_manager 2019
microsoft system_center_operations_manager 2019
microsoft system_center_operations_manager 2019
microsoft system_center_operations_manager 2019
microsoft system_center_operations_manager 2019
microsoft system_center_operations_manager 2019
microsoft system_center_operations_manager 2022
microsoft system_center_operations_manager 2022
microsoft system_center_operations_manager 2022
microsoft system_center_operations_manager 2022
microsoft system_center_operations_manager 2022
microsoft system_center_operations_manager 2022
microsoft system_center_operations_manager 2025
microsoft system_center_operations_manager 2025
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*",
              "matchCriteriaId": "0BFD64D6-E8BB-4606-8D4C-EAE586CAD791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_1:*:*:*:*:*:*",
              "matchCriteriaId": "60D16C06-DC8C-4990-A813-DC8FB599F2BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_1_hotfix:*:*:*:*:*:*",
              "matchCriteriaId": "4E460428-07C5-4CC9-A8E1-3B9D1049C945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_2:*:*:*:*:*:*",
              "matchCriteriaId": "A06A8B5C-19CB-471E-A6CE-8A409A75D215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_2_hotfix:*:*:*:*:*:*",
              "matchCriteriaId": "00FE8943-EB78-4E7B-892D-89633450E1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_3:*:*:*:*:*:*",
              "matchCriteriaId": "C764DB6F-3551-4F97-9F1F-F558224034BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_3_hotfix:*:*:*:*:*:*",
              "matchCriteriaId": "C7CBAAAF-FDD7-4FA7-AB25-AEEE2D7959FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_4:*:*:*:*:*:*",
              "matchCriteriaId": "8EC811F7-AA65-405D-B25E-1A3DFA221322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_4_hotfix:*:*:*:*:*:*",
              "matchCriteriaId": "14BCC26E-10BF-4046-8000-0423161486A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_5:*:*:*:*:*:*",
              "matchCriteriaId": "AE41DAE4-91BE-4198-9ACB-33481D9B216F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_5_hotfix:*:*:*:*:*:*",
              "matchCriteriaId": "596A894F-CDFC-4BB9-B3C0-73E1C8334025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_6:*:*:*:*:*:*",
              "matchCriteriaId": "AE42550B-80DB-4977-80FF-F1A329DE2663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*",
              "matchCriteriaId": "ABD632BE-513E-4581-9C8C-3A13DA1ADF1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_1:*:*:*:*:*:*",
              "matchCriteriaId": "A3C221E0-42CC-480E-B704-AF27429FA20E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_1_hotfix:*:*:*:*:*:*",
              "matchCriteriaId": "FDBC5F8D-F48D-4CAA-830A-181F3019A804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_2:*:*:*:*:*:*",
              "matchCriteriaId": "82E3989D-24AC-4229-9C61-4F6A7E15C592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_2_hotfix:*:*:*:*:*:*",
              "matchCriteriaId": "BC796BB3-1BBA-41FB-AA42-1C5643183835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_3:*:*:*:*:*:*",
              "matchCriteriaId": "E6ED73D7-3055-47FF-8641-A8AA3E3C43E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2025:-:*:*:*:*:*:*",
              "matchCriteriaId": "0507AA0D-CBD5-400D-B24C-0549778F6029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2025:update_rollup_1:*:*:*:*:*:*",
              "matchCriteriaId": "ABE4BD19-1750-4C5D-B75C-05E9830AA632",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network."
    },
    {
      "lang": "es",
      "value": "Validaci\u00f3n de entrada incorrecta en System Center Operations Manager permite a un atacante autorizado elevar privilegios a trav\u00e9s de una red."
    }
  ],
  "id": "CVE-2026-20967",
  "lastModified": "2026-03-13T17:11:29.083",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-03-10T18:18:05.987",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20967"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.