CVE-2020-3945

CWE-200Information ExposureCWE-416Use After FreeCWE-20Improper Input Validation8 documents5 sources
Severity
7.5HIGH
EPSS
0.4%
top 36.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware Vrealize OperationsVmware Vrealize Operations FOR Horizon Adapter
Timeline
PublishedFeb 19
Latest updateMay 24

Description

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5vmware/vrealize_operations_for_horizon_adapter6.6.x prior to 6.6.1, 6.7.x prior to 6.7.1+1
NVDvmware/vrealize_operations6.6.06.6.1+1

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-hmjr-69rr-r925: vRealize Operations for Horizon Adapter (62022-05-24
CVEList
CVE-2020-3945: vRealize Operations for Horizon Adapter (62020-02-19

📋Vendor Advisories

5
VMware
vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities (CVE-2020-3943, CVE-2020-3944, CVE-2020-3945)2020-02-18
Red Hat
chromium-browser: use-after-free in speech recognizer2020-01-16
Red Hat
chromium-browser: use-after-free in speech recognizer2020-01-16
Red Hat
chromium-browser: extension message verification error2020-01-16
Red Hat
chromium-browser: Use after free in audio2020-01-07
CVE-2020-3945 (HIGH CVSS 7.5) | vRealize Operations for Horizon Ada | cvebase.io