Spoofing Vulnerability in Microsoft System Center Operations Manager
CVE-2020-1331

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: System Center 2016 Operations Manager
Vendor: CVE Published:; 9 June 2020

Summary

A spoofing vulnerability exists in Microsoft System Center Operations Manager (SCOM) due to inadequate sanitization of specially crafted web requests. This flaw could allow an adversary to send malicious data to an affected SCOM instance, potentially leading to unauthorized actions and access within the management framework. Organizations using SCOM should ensure they implement updates and monitor their systems for potential exploitation related to this vulnerability.

Affected Version(s)

System Center 2016 Operations Manager = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 9, 2020
Vulnerability Reserved
Nov 4, 2019