CVE-2020-3944

CWE-287 — Improper Authentication5 documents5 sources

Severity

8.6HIGH

EPSS

0.4%

top 37.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vrealize Operations Vmware Vrealize Operations FOR Horizon Adapter

Timeline

PublishedFeb 19

Latest updateMay 24

Description

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5vmware/vrealize_operations_for_horizon_adapter6.6.x prior to 6.6.1, 6.7.x prior to 6.7.1+1

▶NVDvmware/vrealize_operations6.6.0 — 6.6.1+1

🔴Vulnerability Details

GHSA

GHSA-9468-5fg2-67xr: vRealize Operations for Horizon Adapter (6↗2022-05-24

▶

CVEList

CVE-2020-3944: vRealize Operations for Horizon Adapter (6↗2020-02-19

▶

📋Vendor Advisories

VMware

vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities (CVE-2020-3943, CVE-2020-3944, CVE-2020-3945)↗2020-02-18

▶

💬Community

Bugzilla

CVE-2019-17400 unoconv: mishandling of pathname leads to SSRF and local file inclusion↗2019-10-24

▶