Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2020-1331

Опубликовано: 24 июн. 2020
Источник: msrc
EPSS Низкий

Описание

System Center Operations Manager Spoofing Vulnerability

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM 2016 Web Console instance. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SCOM 2016 Web Console instance.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SCOM 2016 Web Console instance on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that System Center Operations Manager properly sanitizes input.

FAQ

In what instances do I need to install the security update for this vulnerability?

This vulnerability only affects machines that have the SCOM 2016 web console installed. SCOM 2016 web console server machines should have this update installed to be protected from the vulnerability.

Do I need to install the update if my machine is not set up as a web console server?

No. Customers whose machines are not SCOM 2016 web console server machines do not need to install this update.

Обновления

ПродуктСтатьяОбновление
System Center 2016 Operations Manager
4566040
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

N/A

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 59%
0.0038
Низкий

Связанные уязвимости

nvd логотип

CVE-2020-1331

CVSS3: 5.4
nvd
больше 5 лет назад

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'.

github логотип

GHSA-g72r-8jv2-wpp8

github
больше 3 лет назад

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'.

fstec логотип

BDU:2020-03080

CVSS3: 5.4
fstec
больше 5 лет назад

Уязвимость программы для управления и мониторинга ИТ-сервисов System Center Operations Manager, связанная с обходом аутентификации посредством спуфинга, позволяющая нарушителю проводить спуфинг-атаки

EPSS

Процентиль: 59%
0.0038
Низкий