CVE-2020-3945: 
VMware vRealize Operations Manager vulnerability analysis and mitigation

CVE-2020-3945 is an information disclosure vulnerability affecting VMware vRealize Operations for Horizon Adapter. The vulnerability was discovered and disclosed on February 18, 2020, impacting versions 6.6.x and 6.7.x of the software. The vulnerability stems from an incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View (VMware Advisory).

The vulnerability has been assigned a CVSSv3 base score of 5.3 (Moderate severity) with the vector string AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The technical issue arises from incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View components (VMware Advisory).

An unauthenticated remote attacker with network access to vRealize Operations running the Horizon Adapter can potentially obtain sensitive information. This information could be leveraged to bypass the adapter authentication mechanism (VMware Advisory).

VMware has released patches to address this vulnerability. Users should upgrade to vRealize Operations for Horizon Adapter version 6.6.1 for 6.6.x installations or version 6.7.1 for 6.7.x installations. No workarounds are available for this vulnerability (VMware Advisory).