CVE-2020-3945

EUVD-2020-25210
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
vmwarevrealize_operations
6.6.0 ≤
𝑥
< 6.6.1
vmwarevrealize_operations
6.7.0 ≤
𝑥
< 6.7.1
𝑥
= Vulnerable software versions
References
https://www.vmware.com/security/advisories/VMSA-2020-0003.html
https://www.vmware.com/security/advisories/VMSA-2020-0003.html