CVE-2020-3943: 
VMware vRealize Operations Manager vulnerability analysis and mitigation

CVE-2020-3943 affects vRealize Operations for Horizon Adapter (versions 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1). The vulnerability was discovered by An Trinh of Viettel Cyber Security and was disclosed on February 18, 2020. This critical vulnerability stems from an insecurely configured JMX RMI service in the affected software (VMware Advisory).

The vulnerability involves an insecurely configured JMX RMI service in vRealize Operations for Horizon Adapter. It has been assigned a CVSS v3.1 base score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating the highest severity level for remote code execution vulnerabilities (NVD).

The vulnerability allows an unauthenticated remote attacker with network access to vRealize Operations, where the Horizon Adapter is running, to execute arbitrary code in vRealize Operations. This represents a critical security risk as it could lead to complete system compromise (VMware Advisory).

VMware has released patches to address this vulnerability. Users should upgrade to vRealize Operations for Horizon Adapter version 6.7.1 (for 6.7.x installations) or version 6.6.1 (for 6.6.x installations). No workarounds are available for this vulnerability, making patching the only effective mitigation strategy (VMware Advisory).