CVE-2020-3943 - Unspecified vulnerability in VMware vRealize Operations 6.6.0/6.7.0
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |

Summary
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
OS | | 1 |
Nessus
NASL family | Windows |
NASL id | VMWARE_VREALIZE_OPERATIONS_HORIZON_VMSA_2020_0003.NASL |
description | The version of VMWare vRealize Operations installed on the remote host is 6.6.x prior to 6.6.1 or 6.7.x prior to 6.7.1. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in VMware vRealize Operations due to its utilization of an unsecured JMX RMI service. An unauthenticated, remote attacker can exploit this to execute arbitrary code on the remote host (CVE-2020-3943). - An authentication bypass vulnerability exists in VMware vRealize Operations due to an improper trust store configuration. An unauthenticated, remote attacker can exploit this, to bypass authentication (CVE-2020-3944). - An information disclosure vulnerability exists in VMware vRealize Operations due to an incorrect pairing implementation between VMware products. An unauthenticated, remote attacker can exploit this, to disclose potentially sensitive information (CVE-2020-3945). Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-03-18 |
modified | 2020-02-28 |
plugin id | 134163 |
published | 2020-02-28 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/134163 |
title | VMware vRealize Operations for Horizon Adapter Multiple Vulnerabilities (VMSA-2020-0003) |