CVE-2020-3944

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication.

Published: Feb 19, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-3944
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.6
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
vmware / vrealize_operations	6.6.0	6.6.1
vmware / vrealize_operations	6.7.0	6.7.1

https://www.vmware.com/security/advisories/VMSA-2020-0003.html

Vulnerability Database

289,784

CVE-2020-3944