cbcvebase.

Microsoft Configuration Manager vulnerabilities

6 known vulnerabilities affecting microsoft/microsoft_configuration_manager.

Total CVEs
6
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2024-43468P1CRITICALCVSS 9.8KEVPoC≥ 1.0.0, < 5.00.91062024-10-08
CVE-2024-43468 [CRITICAL] CWE-89 CVE-2024-43468: Microsoft Configuration Manager Remote Code Execution Vulnerability Microsoft Configuration Manager Remote Code Execution Vulnerability
nvd
CVE-2025-59213P3HIGHCVSS 8.8≥ 1.0.0, < 5.00.9135.10082025-10-14
CVE-2025-59213 [HIGH] CWE-89 CVE-2025-59213: Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Co Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.
nvd
CVE-2025-47178P3HIGHCVSS 8.0≥ 1.0.0, < 5.00.9135.10032025-07-08
CVE-2025-47178 [HIGH] CWE-89 CVE-2025-47178: Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Co Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
nvd
CVE-2025-55320P3MEDIUMCVSS 6.8≥ 1.0.0, < 5.00.9135.10082025-10-14
CVE-2025-55320 [MEDIUM] CWE-89 CVE-2025-55320: Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Co Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.
nvd
CVE-2025-47179P3MEDIUMCVSS 6.7≥ 1.0.0, < 5.00.9128.10372025-11-11
CVE-2025-47179 [MEDIUM] CWE-284 CVE-2025-47179: Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-59501P4MEDIUMCVSS 4.8≥ 1.0.0, < 5.00.9128.10372025-10-31
CVE-2025-59501 [MEDIUM] CWE-290 CVE-2025-59501: Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker t Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
nvd
Microsoft Configuration Manager vulnerabilities | cvebase