CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3977
https://notcve.org/view.php?id=CVE-2020-3977
22 Sep 2020 — VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. VMware Horizon DaaS (versiones 7.x y versiones 8.x anteriores a 8.0.1 Update 1), contiene una vulnerabilidad de autenticación rota debido a un ... • https://www.vmware.com/security/advisories/VMSA-2020-0021.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2018-6960 – VMware Security Advisory 2018-0010
https://notcve.org/view.php?id=CVE-2018-6960
20 Apr 2018 — VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. VMware Horizon DaaS (versiones 7.x anteriores a la 8.0.0) contiene una vulnerabilidad de autenticación rota que podría permitir que un atacante omita la autenticación de doble factor. Nota: para explotar este problema, un atacante debe tener una cuenta legítima en... • http://www.securityfocus.com/bid/103938 • CWE-287: Improper Authentication •