CVE-2020-3943: Improper Input Validation in VMware vRealize Operations

Severity: 9.8 CRITICAL (NVD)
EPSS: 1.7% (top 17.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 19; Latest update May 24

Description

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: vmware/vrealize_operations_for_horizon_adapter, 6.6.x prior to 6.6.1, 6.7.x prior to 6.7.1 (+1)
NVD: vmware/vrealize_operations, 6.6.0, 6.6.1 (+1)

🔴 Vulnerability Details (2)

GHSA (2022-05-24): GHSA-69hc-w7p9-9v7x: vRealize Operations for Horizon Adapter (6
CVEList (2020-02-19): CVE-2020-3943: vRealize Operations for Horizon Adapter (6

📋 Vendor Advisories (1)

VMware (2020-02-18): vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities (CVE-2020-3943, CVE-2020-3944, CVE-2020-3945)