A broken authentication vulnerability affecting VMware Horizon DaaS was privately reported to VMware. Updates are available to address this vulnerability in the affected VMware product.
Known Attack Vectors
Successful exploitation of this issue may allow an attacker to bypass the two-factor authentication process.
Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
To remediate CVE-2020-3977, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.
This update applies to 8.0.1 only. Please see the download link for more information.
Fixed Version(s) and Release Notes:
Horizon DaaS 8.0.1 Update 1
Initial security advisory.
Copyright 2020 VMware Inc. All rights reserved.