Detections
Analytics

Security Updates for Microsoft System Center Operations Manager (March 2026)

high Nessus Plugin ID 302166

Language:

Synopsis

A web application hosted on the remote Windows system is affected by an elevation of privilege vulnerability.

Description

The version of Microsoft System Center Operations Manager installed on the remote Windows host is affected by an elevation of privilege vulnerability. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted request to an affected SCOM instance.

Solution

Microsoft has released a set of patches for System Center Operations Manager 2019, 2022, and 2025.

See Also

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20967

http://www.nessus.org/u?0397df2b

http://www.nessus.org/u?34327c7d

http://www.nessus.org/u?91fc00fa

Plugin Details

Severity: High

ID: 302166

File Name: smb_nt_ms26_mar_scom.nasl

Version: 1.1

Type: local

Agent: windows

Published: 3/13/2026

Updated: 3/13/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-20967

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:system_center_operations_manager

Required KB Items: installed_sw/System Center Operations Manager Server

Patch Publication Date: 3/10/2026

Vulnerability Publication Date: 3/10/2026

Reference Information

CVE: CVE-2026-20967

IAVA: 2026-A-0232