Severity: Critical
Advisory ID: VMSA-2020-0003
CVSSv3 Range: 5.3-9.0
Issue Date: 2020-02-18
Updated On: 2020-02-18 (Initial Advisory)
CVE(s): CVE-2020-3943, CVE-2020-3944, CVE-2020-3945
Synopsis: vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities (CVE-2020-3943, CVE-2020-3944, CVE-2020-3945)

1. Impacted Products
  • vRealize Operations for Horizon Adapter
2. Introduction

vRealize Operations for Horizon Adapter contains multiple security vulnerabilities. Patches are available to remediate these vulnerabilities in the affected VMware products.

3a. vRealize Operations for Horizon Adapter remote code execution vulnerability (CVE-2020-3943)

Description

vRealize Operations for Horizon Adapter uses a JMX RMI service which is not securely configured. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.0.
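
A check for the class of misconfiguration described above, added here as an illustration: it is not VMware code, and the adapter's real launch options, port, file paths and jar name are not on this page, so the two command lines in the block are constructed placeholders. The check parses the -D system properties a JVM was started with, which are the settings that decide whether a JMX/RMI agent accepts unauthenticated or cleartext connections, and reports the resulting exposure:

```python
"""Audit a JVM launch line for an insecurely exposed JMX/RMI agent.

Added example, not VMware code. The two command lines are constructed for
illustration: the port, file paths and jar name are placeholders, not the
adapter's real values.
"""
import shlex

JMX = "com.sun.management.jmxremote"

# Constructed sample: remote JMX enabled with authentication and TLS switched off.
INSECURE_CMDLINE = (
    "java -Dcom.sun.management.jmxremote.port=9004 "
    "-Dcom.sun.management.jmxremote.authenticate=false "
    "-Dcom.sun.management.jmxremote.ssl=false "
    "-jar adapter.jar"
)

# Constructed sample: the same agent with credentials, TLS on both the
# connector and the registry, mutual TLS, and a fixed RMI port.
HARDENED_CMDLINE = (
    "java -Dcom.sun.management.jmxremote.port=9004 "
    "-Dcom.sun.management.jmxremote.rmi.port=9004 "
    "-Dcom.sun.management.jmxremote.authenticate=true "
    "-Dcom.sun.management.jmxremote.password.file=/etc/adapter/jmxremote.password "
    "-Dcom.sun.management.jmxremote.access.file=/etc/adapter/jmxremote.access "
    "-Dcom.sun.management.jmxremote.ssl=true "
    "-Dcom.sun.management.jmxremote.registry.ssl=true "
    "-Dcom.sun.management.jmxremote.ssl.need.client.auth=true "
    "-jar adapter.jar"
)


def parse_jvm_props(cmdline):
    """Return the -Dname=value system properties from a JVM command line.

    A bare -Dname is recorded with an empty value, as Java does. shlex uses
    POSIX quoting here; a Windows line with quoted paths needs posix=False.
    """
    props = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("-D"):
            name, _, value = tok[2:].partition("=")
            props[name] = value
    return props


def _is_true(props, key, default):
    """JDK semantics: only the literal string 'true' (any case) counts as true."""
    return props.get(JMX + "." + key, default).strip().lower() == "true"


def audit_jmx(props):
    """Return (code, message) findings for the remote JMX agent, if one is configured.

    The JDK defaults once jmxremote.port is set are authenticate=true and
    ssl=true, so only explicit overrides turn those two checks into findings.
    """
    findings = []
    port = props.get(JMX + ".port")
    if not port:
        return findings  # these options start no remote JMX connector
    if not _is_true(props, "authenticate", "true"):
        findings.append(("UNAUTHENTICATED",
            "remote JMX on port %s accepts connections without credentials: "
            "anyone with network access can invoke MBean operations, the "
            "classic path to code execution" % port))
    if not _is_true(props, "ssl", "true"):
        findings.append(("PLAINTEXT",
            "JMX connector is not using TLS: credentials and RMI traffic are "
            "readable and modifiable on the wire"))
    else:
        if not _is_true(props, "registry.ssl", "false"):
            findings.append(("REGISTRY_PLAINTEXT",
                "RMI registry is served without TLS (registry.ssl is not true)"))
        if not _is_true(props, "ssl.need.client.auth", "false"):
            findings.append(("NO_CLIENT_AUTH",
                "connector does not require a client certificate"))
    if JMX + ".rmi.port" not in props:
        findings.append(("EPHEMERAL_RMI_PORT",
            "rmi.port is unset, so the RMI server listens on a random port "
            "that firewall rules cannot pin down"))
    return findings


if __name__ == "__main__":
    for label, line in (("insecure", INSECURE_CMDLINE), ("hardened", HARDENED_CMDLINE)):
        print(label + ":", audit_jmx(parse_jvm_props(line)) or "no findings")
```

On the constructed insecure line the audit returns UNAUTHENTICATED, PLAINTEXT and EPHEMERAL_RMI_PORT; the hardened line returns nothing. This page does not say how the adapter's agent is configured and lists no workaround, so passing this audit is not a substitute for the fixed versions in the Response Matrix; it is a check to run on the patched host, and on any other Java service reachable from the same network segment.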

Known Attack Vectors

An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.

Resolution

To remediate CVE-2020-3943, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank An Trinh of Viettel Cyber Security for reporting this issue to us.

Response Matrix

Product                                 | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation
vRealize Operations for Horizon Adapter | 6.7.x   | Windows    | CVE-2020-3943  | 9.0    | Critical | 6.7.1         | None        | None
vRealize Operations for Horizon Adapter | 6.6.x   | Windows    | CVE-2020-3943  | 9.0    | Critical | 6.6.1         | None        | None

3b. vRealize Operations for Horizon Adapter authentication bypass vulnerability (CVE-2020-3944)

Description

vRealize Operations for Horizon Adapter has an improper trust store configuration leading to authentication bypass. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.
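
The weak and the corrected form of a trust-store configuration, shown as an added illustration with Python's ssl module. This is not the adapter's code, and the page does not describe the adapter's actual trust store, so the block shows the generic pattern: a certificate-based pairing is only as strong as the verification behind it, and a client that does not verify the peer, or trusts far more issuers than the one that signs the peer's certificate, lets anyone who can reach it pose as that peer. The cafile argument is a hypothetical path supplied by the caller:

```python
"""Weak versus corrected trust-store configuration for a TLS client that
pairs with one known peer.

Added example using Python's ssl module; it is not the adapter's code and the
page does not describe the adapter's actual trust store.
"""
import ssl


def pairing_client_context(cafile=None):
    """Client context that authenticates the peer against a narrow trust store.

    PROTOCOL_TLS_CLIENT gives CERT_REQUIRED and check_hostname=True by
    default. cafile (a hypothetical path chosen by the caller) should hold
    only the CA that issues the peer's certificate, not the public CA bundle.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def permissive_context():
    """The weak form: accept any certificate from anyone.

    With CERT_NONE the handshake still encrypts, but the peer is never
    authenticated, so the channel says nothing about who is on the other end.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode can change
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_trust_config(ctx, max_trust_anchors=5):
    """Return (code, message) findings that would let an impostor pass as the peer."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append(("NO_VERIFY",
            "peer certificate is not verified; any endpoint is accepted"))
        return findings
    if not ctx.check_hostname:
        findings.append(("NO_HOSTNAME_CHECK",
            "certificate identity is not matched to the peer; any certificate "
            "from a trusted issuer is accepted for any host"))
    # get_ca_certs() lists anchors loaded from a file; entries in a capath
    # directory only appear once they have been used in a handshake.
    anchors = ctx.get_ca_certs()
    if not anchors:
        findings.append(("NO_TRUST_ANCHORS",
            "no CA loaded: handshakes fail, which tempts callers to fall back "
            "to CERT_NONE instead of pinning the peer's issuer"))
    elif len(anchors) > max_trust_anchors:
        findings.append(("BROAD_TRUST_STORE",
            "%d trust anchors loaded: a pairing channel should trust only the "
            "issuer of the peer's certificate" % len(anchors)))
    return findings


if __name__ == "__main__":
    print("permissive:", audit_trust_config(permissive_context()))
    print("no CA file:", audit_trust_config(pairing_client_context()))
    broad = pairing_client_context()
    broad.load_default_certs()   # the whole system bundle: too wide for pairing
    print("system bundle:", audit_trust_config(broad))
```

The permissive context audits as NO_VERIFY and the context with no CA loaded as NO_TRUST_ANCHORS; a context that has loaded the system bundle audits as BROAD_TRUST_STORE on a host where that bundle is file-based. The corrected form loads exactly one issuer and keeps hostname checking on, so a certificate from any other source, public CA or not, is rejected before the application sees the connection.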

Known Attack Vectors

An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication.

Resolution

To remediate CVE-2020-3944, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank An Trinh of Viettel Cyber Security for reporting this issue to us.

Response Matrix

Product                                 | Version | Running On | CVE Identifier | CVSSv3 | Severity  | Fixed Version | Workarounds | Additional Documentation
vRealize Operations for Horizon Adapter | 6.7.x   | Windows    | CVE-2020-3944  | 8.6    | Important | 6.7.1         | None        | None
vRealize Operations for Horizon Adapter | 6.6.x   | Windows    | CVE-2020-3944  | 8.6    | Important | 6.6.1         | None        | None

3c. vRealize Operations for Horizon Adapter information disclosure vulnerability (CVE-2020-3945)

Description

vRealize Operations for Horizon Adapter contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Known Attack Vectors

An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information which can be used to bypass the adapter authentication mechanism.

Resolution

To remediate CVE-2020-3945, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank An Trinh of Viettel Cyber Security for reporting this issue to us.

Response Matrix

Product                                 | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation
vRealize Operations for Horizon Adapter | 6.7.x   | Windows    | CVE-2020-3945  | 5.3    | Moderate | 6.7.1         | None        | None
vRealize Operations for Horizon Adapter | 6.6.x   | Windows    | CVE-2020-3945  | 5.3    | Moderate | 6.6.1         | None        | None

4. References

5. Change Log

2020-02-18: VMSA-2020-0003  
Initial security advisory in conjunction with the release of vRealize Operations for Horizon Adapter 6.7.1 and 6.6.1 on 2020-02-18.

6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2020 VMware Inc. All rights reserved.