CVE-2020-3943
First published: Wed Feb 19 2020(Updated: )
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vmware Vrealize Operations | >=6.6.0<6.6.1 | |
| Vmware Vrealize Operations | >=6.7.0<6.7.1 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-3943.
What is the severity of CVE-2020-3943?
CVE-2020-3943 has a severity rating of 9.8 (Critical).
Which software versions are affected by CVE-2020-3943?
vRealize Operations for Horizon Adapter versions 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 are affected.
How is an attacker able to exploit CVE-2020-3943?
An unauthenticated remote attacker with network access to vRealize Operations, when the Horizon Adapter is running, may be able to execute arbitrary code.
Is Microsoft Windows affected by CVE-2020-3943?
No, Microsoft Windows is not affected by this vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware vrealize operations
- version/vmware vrealize operations/6.6.0
- version/vmware vrealize operations/6.7.0
- vendor/microsoft
- canonical/microsoft windows