Mon. Apr 6th, 2020

CVE-2020-3943: Vmware vRealize Remote Code Execution Vulnerability Alert

1 min read

Recently, VMware officially released VMSA-2020-0003 security updates. One of them was a critical vulnerability with CVE number CVE-2020-3943. “vRealize Operations for Horizon Adapter uses a JMX RMI service which is not securely configured. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.0. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.”

Affected Version

  • vRealize Operations for Horizon Adapter <= 6.6.0
  • vRealize Operations for Horizon Adapter <= 6.7.0

Unaffected version

  • vRealize Operations for Horizon Adapter 6.6.1
  • vRealize Operations for Horizon Adapter 6.7.1