CVE-2020-3977
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
VMware Horizon DaaS (versiones 7.x y versiones 8.x anteriores a 8.0.1 Update 1), contiene una vulnerabilidad de autenticación rota debido a un fallo en la manera en que manejaba la autenticación del primer factor. Una explotación con éxito de este problema puede permitir a un atacante omitir el proceso de autenticación de dos factores. Para explotar este problema, un atacante debe tener una cuenta legítima en Horizon DaaS
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-30 CVE Reserved
- 2020-09-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2020-0021.html | 2020-09-30 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Horizon Daas Search vendor "Vmware" for product "Horizon Daas" | >= 8.0.0 <= 8.0.1 Search vendor "Vmware" for product "Horizon Daas" and version " >= 8.0.0 <= 8.0.1" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Horizon Daas Search vendor "Vmware" for product "Horizon Daas" | 7.0.0 Search vendor "Vmware" for product "Horizon Daas" and version "7.0.0" | - |
Affected
|