CVE-2020-3977Missing Authentication for Critical Function in Vmware Horizon Daas

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 69.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Horizon Daas
Timeline
PublishedSep 22
Latest updateMay 24

Description

VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDvmware/horizon_daas8.0.08.0.1+1

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-564r-7p67-986w: VMware Horizon DaaS (72022-05-24
CVEList
CVE-2020-3977: VMware Horizon DaaS (72020-09-22
CVE-2020-3977 — Vmware Horizon Daas vulnerability | cvebase