CVE-2020-3943

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.

Published: Feb 19, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-3943
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
vmware / vrealize_operations	6.6.0	6.6.1
vmware / vrealize_operations	6.7.0	6.7.1

https://www.vmware.com/security/advisories/VMSA-2020-0003.html

Vulnerability Database

289,784

CVE-2020-3943