CVE-2020-3944: 
VMware vRealize Operations Manager vulnerability analysis and mitigation

CVE-2020-3944 is an authentication bypass vulnerability affecting VMware vRealize Operations for Horizon Adapter (versions 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1). The vulnerability was discovered and reported by An Trinh of Viettel Cyber Security, with an initial advisory published on January 12, 2020, and updated on February 18, 2020. The vulnerability stems from an improper trust store configuration in the affected software (VMware Advisory).

The vulnerability has been assigned a CVSSv3 base score of 8.6, categorized as 'Important' severity. The technical root cause is identified as an improper trust store configuration that can lead to authentication bypass. The vulnerability can be exploited through network access, requiring no authentication or user interaction, making it particularly concerning from a security perspective (VMware Advisory).

An unauthenticated remote attacker who has network access to vRealize Operations with the Horizon Adapter running may be able to bypass Adapter authentication. This could potentially lead to unauthorized access to sensitive system resources and functionality (VMware Advisory).

VMware has released patches to address this vulnerability. Users should upgrade to vRealize Operations for Horizon Adapter version 6.7.1 for 6.7.x installations, or version 6.6.1 for 6.6.x installations. No workarounds are available for this vulnerability, making patching the only effective mitigation strategy (VMware Advisory).