1. Impacted Products
- VMware Horizon DaaS (Horizon DaaS)
A broken authentication vulnerability affecting VMware Horizon DaaS was privately reported to VMware. Updates are available to address this vulnerability in affected VMware product.
3. Broken authentication vulnerability (CVE-2020-3977)
Known Attack Vectors
Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process.
Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
To remediate CVE-2020-3977 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.
In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
**This update applies to 8.0.1 only. Please see the download link for more information.
Fixed Version(s) and Release Notes:
Horizon DaaS 8.0.1 Update 1
Downloads and Documentation:
Mitre CVE Dictionary Links:
FIRST CVSSv3 Calculator:
5. Change Log
Initial security advisory.
E-mail list for product security notifications and announcements:
This Security Advisory is posted to the following lists:
PGP key at:
VMware Security Advisories
VMware Security Response Policy
VMware Lifecycle Support Phases
VMware Security & Compliance Blog
Copyright 2020 VMware Inc. All rights reserved.