VMSA-2020-0003: vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities
23570
16 February 2020
12 January 2020
CLOSED
CRITICAL
5.3-9.0
CVE-2020-3943,CVE-2020-3944,CVE-2020-3945
1. Impacted Products
- vRealize Operations for Horizon Adapter
2. Introduction
vRealize Operations for Horizon Adapter contains multiple security vulnerabilities. Patches are available to remediate these vulnerabilities in affected VMware products.
3a. vRealize Operations for Horizon Adapter remote code execution vulnerability (CVE-2020-3943)
Description
vRealize Operations for Horizon Adapter uses a JMX RMI service which is not securely configured. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.0.
Known Attack Vectors
An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.
Resolution
To remediate CVE-2020-3943, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank An Trinh of Viettel Cyber Security for reporting this issue to us.
Response Matrix
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
vRealize Operations for Horizon Adapter | 6.7.x | Windows | CVE-2020-3943 | 9.0 | critical | 6.7.1 | None | None |
vRealize Operations for Horizon Adapter | 6.6.x | Windows | CVE-2020-3943 | 9.0 | critical | 6.6.1 | None | None |
3b. vRealize Operations for Horizon Adapter authentication bypass vulnerability (CVE-2020-3944)
Description
vRealize Operations for Horizon Adapter has an improper trust store configuration leading to authentication bypass. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.
Known Attack Vectors
An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication.
Resolution
To remediate CVE-2020-3944, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank An Trinh of Viettel Cyber Security for reporting this issue to us.
Response Matrix
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
vRealize Operations for Horizon Adapter | 6.7.x | Windows | CVE-2020-3944 | 8.6 | important | 6.7.1 | None | None |
vRealize Operations for Horizon Adapter | 6.6.x | Windows | CVE-2020-3944 | 8.6 | important | 6.6.1 | None | None |
3c. vRealize Operations for Horizon Adapter information disclosure vulnerability (CVE-2020-3945)
Description
vRealize Operations for Horizon Adapter contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Known Attack Vectors
An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information which can be used to bypass the adapter authentication mechanism.
Resolution
To remediate CVE-2020-3945, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank An Trinh of Viettel Cyber Security for reporting this issue to us.
Response Matrix
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
vRealize Operations for Horizon Adapter | 6.7.x | Windows | CVE-2020-3945 | 5.3 | moderate | 6.7.1 | None | None |
vRealize Operations for Horizon Adapter | 6.6.x | Windows | CVE-2020-3945 | 5.3 | moderate | 6.6.1 | None | None |
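The Resolution sections of 3a, 3b and 3c all point at the same matrix rows, and the practical question for an operator is simply whether an installed Adapter version is at or past the fixed version for its branch. The following Python is an added example, not VMware's code; it encodes the matrix rows above (branches 6.7.x and 6.6.x, fixed versions 6.7.1 and 6.6.1) and compares version strings numerically rather than lexically, so a four-component build such as 6.6.0.1 is still reported as unpatched. Versions outside the two listed branches are reported as unknown, since the advisory says nothing about them. The function names and the RESPONSE_MATRIX layout are this example's own.

```python
"""Resolution-matrix check for VMSA-2020-0003 (added example, not VMware code).

Encodes the Response Matrix rows from the advisory and reports, for an
installed vRealize Operations for Horizon Adapter version, whether each CVE
is still unpatched on that branch.
"""

ADVISORY = "VMSA-2020-0003"
PRODUCT = "vRealize Operations for Horizon Adapter"

# One entry per matrix row: (affected branch, CVE, severity, fixed version).
# Values are copied from the advisory's Response Matrix.
RESPONSE_MATRIX = [
    ("6.7.x", "CVE-2020-3943", "critical", "6.7.1"),
    ("6.6.x", "CVE-2020-3943", "critical", "6.6.1"),
    ("6.7.x", "CVE-2020-3944", "important", "6.7.1"),
    ("6.6.x", "CVE-2020-3944", "important", "6.6.1"),
    ("6.7.x", "CVE-2020-3945", "moderate", "6.7.1"),
    ("6.6.x", "CVE-2020-3945", "moderate", "6.6.1"),
]

ALL_CVES = sorted({row[1] for row in RESPONSE_MATRIX})


def parse_version(version: str) -> tuple:
    """'6.7.0' -> (6, 7, 0). Every component must be a plain integer."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def in_branch(version: str, branch: str) -> bool:
    """True if version lies in a 'MAJOR.MINOR.x' branch such as '6.7.x'."""
    prefix = tuple(int(p) for p in branch.split(".")[:-1])
    return parse_version(version)[: len(prefix)] == prefix


def is_fixed(installed: str, fixed: str) -> bool:
    """Numeric comparison of dotted versions; shorter tuples are zero-padded."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def assess(installed: str) -> dict:
    """Map each CVE to 'fixed', 'unpatched' or 'unknown' for the given version."""
    result = {}
    for branch, cve, _severity, fixed in RESPONSE_MATRIX:
        if in_branch(installed, branch):
            result[cve] = "fixed" if is_fixed(installed, fixed) else "unpatched"
    if not result:
        # Branch not covered by this advisory: say so rather than guessing.
        return {cve: "unknown" for cve in ALL_CVES}
    return result


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for sample in ("6.7.0", "6.7.1", "6.6.0.1", "6.5.0"):
        print(PRODUCT, sample, "->", assess(sample))
```

Feed `assess()` the version string from your inventory tooling; any `unpatched` entry means the corresponding Fixed Version from the matrix has not been applied on that branch.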
4. References
Fixed Version(s) and Release Notes:
vRealize Operations for Horizon Adapter 6.7.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=V4H-671-GA&productId=475&rPId=42574
https://docs.vmware.com/en/VMware-vRealize-Operations-for-Horizon/
vRealize Operations for Horizon Adapter 6.6.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=V4H-661-GA&productId=475&rPId=42574
https://docs.vmware.com/en/VMware-vRealize-Operations-for-Horizon/
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3945
FIRST CVSSv3 Calculator:
CVE-2020-3943 https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-3944 https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-3945 https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5. Change Log
2020-02-18: VMSA-2020-0003
Initial security advisory in conjunction with the release of vRealize Operations for Horizon Adapter 6.7.1 and 6.6.1 on 2020-02-18.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
E-mail: [email protected]
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2020 VMware Inc. All rights reserved.