CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-3977

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1170%
EPSS Percentile20.01th
Published2020年9月22日
Last Modified2024年11月21日

Vulnerability Description

VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

Affected Platforms (CPE)

📦
Vmware

Horizon Daas

>= 8.0.0 and <= 8.0.1
📦
Vmware

Horizon Daas

= 7.0.0

References & Advisories

🔗 https://www.vmware.com/security/advisories/VMSA-2020-0021.html
🔗 https://www.vmware.com/security/advisories/VMSA-2020-0021.html

相关漏洞威胁

CVE-2019-55449.8

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issu...

CVE-2018-69608.8

VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-fac...

CVE-2017-48975.5

VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may expl...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...