VMwareVMSA-2020-0003vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities (CVE-2020-3943, CVE-2020-3944, CVE-2020-3945)
3a. vRealize Operations for Horizon Adapter remote code execution vulnerability (CVE-2020-3943)
vRealize Operations for Horizon Adapter uses a JMX RMI service which is not securely configured. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.0.
3b. vRealize Operations for Horizon Adapter authentication bypass vulnerability (CVE-2020-3944)
vRealize Operations for Horizon Adapter has an improper trust store configuration leading to authentication bypass. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.
3c. vRealize Operations for Horizon Adapter information disclosure vulnerability (CVE-2020-3945)
vRealize Operations for Horizon Adapter contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3943
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3944
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3945
docs.vmware.com/en/VMware-vRealize-Operations-for-Horizon/
my.vmware.com/web/vmware/details?downloadGroup=V4H-661-GA&productId=475&rPId=42574
my.vmware.com/web/vmware/details?downloadGroup=V4H-671-GA&productId=475&rPId=42574
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Related
