PT-2020-3046 · VMware · vRealize Operations for Horizon Adapter

An Trinh · Published 2020-02-19 · Updated 2021-07-21 · CVE-2020-3943

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

vRealize Operations for Horizon Adapter versions 6.6.x prior to 6.6.1
vRealize Operations for Horizon Adapter versions 6.7.x prior to 6.7.1

Description

The issue is related to the insecure configuration of a JMX RMI service in vRealize Operations for Horizon Adapter. An unauthenticated remote attacker with network access to vRealize Operations, where the Horizon Adapter is running, may be able to execute arbitrary code. The vulnerability is also associated with insufficient input validation, which can allow a remote attacker to execute arbitrary code.

Recommendations

For versions 6.6.x prior to 6.6.1, update to version 6.6.1 or later.
For versions 6.7.x prior to 6.7.1, update to version 6.7.1 or later.
As a temporary workaround, consider disabling the JMX RMI service until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-03335
CVE-2020-3943

Affected Products

vRealize Operations for Horizon Adapter