CyberSec.Space Logo
Back to CVE Browser

CVE-2020-3943

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile22.38th
PublishedFeb 19, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.

Affected Platforms (CPE)

📦
Vmware

Vrealize Operations

>= 6.6.0 and < 6.6.1
📦
Vmware

Vrealize Operations

>= 6.7.0 and < 6.7.1

References & Advisories

🔗 https://www.vmware.com/security/advisories/VMSA-2020-0003.html
🔗 https://www.vmware.com/security/advisories/VMSA-2020-0003.html

Related Vulnerabilities

CVE-2016-745710.0

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove v...

CVE-2020-39448.6

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration ...

CVE-2016-74628.5

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary...

CVE-2020-39457.5

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnera...