Skip to main content

System Center Operations Manager CVE-2020-1331

MEDIUM
Authentication Bypass by Spoofing (CWE-290)
2020-06-09 secure@microsoft.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 09, 2020 - 20:15 nvd
MEDIUM 5.4

DescriptionNVD

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'.

AnalysisAI

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-290. A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'. Affected products include: Microsoft System Center Operations Manager.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-38647 CRITICAL POC
9.8 Sep 15

Open Management Infrastructure Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerabili

CVE-2021-38648 HIGH POC
7.8 Sep 15

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability

CVE-2024-21334 CRITICAL
9.8 Mar 12

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulne

CVE-2013-0010 MEDIUM
4.3 Jan 09

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote att

CVE-2013-0009 MEDIUM
4.3 Jan 09

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote att

CVE-2026-20967 HIGH
8.8 Mar 10

Privilege escalation in System Center Operations Manager via improper input validation enables authenticated network-bas

CVE-2021-1728 HIGH
8.8 Feb 25

System Center Operations Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2025-27743 HIGH
7.8 Apr 08

Untrusted search path in System Center allows an authorized attacker to elevate privileges locally. Rated high severity

CVE-2024-21330 HIGH
7.8 Mar 12

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerab

CVE-2022-33640 HIGH
7.8 Aug 09

System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high

CVE-2022-29149 HIGH
7.8 Jun 15

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerab

CVE-2021-38645 HIGH
7.8 Sep 15

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability

Share

CVE-2020-1331 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy