VMware has patched serious vulnerabilities, including remote code execution and authentication bypass issues, in vRealize Operations for Horizon Adapter.
VMware vRealize Operations is designed to deliver operational insights in an effort to simplify and automate the management of applications and infrastructure across virtual, physical and cloud environments. Horizon Adapter instances created on vRealize Operations Manager nodes enable users to receive communications from Horizon agents installed on virtual machines.
An Trinh of the cyber security division at Viettel, Vietnam’s largest telecommunications service provider, discovered that vRealize Operations for Horizon Adapter is affected by three vulnerabilities.
SecurityWeek reached out to Trinh for more information on the vulnerabilities, but the researcher said he did not want to share any additional details at this time.
According to VMware, the most serious of the flaws, tracked as CVE-2020-3943 and classified as critical, can allow remote code execution. The vulnerability can be exploited by an unauthenticated attacker with network access to vRealize Operations, with the Horizon Adapter running.
“vRealize Operations for Horizon Adapter uses a JMX RMI service which is not securely configured,” VMware said in an advisory.
The second vulnerability, tracked as CVE-2020-3944 and rated high severity, allows an unauthenticated attacker with access to the network to bypass Adapter authentication. VMware has blamed the vulnerability on “an improper trust store configuration.”
The third security hole uncovered by Trinh is an information disclosure issue caused by “incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View.”
According to VMware, which classified this vulnerability as medium severity, an unauthenticated attacker may be able to obtain sensitive information that they can leverage to bypass the Adapter’s authentication mechanism.
All vulnerabilities affect vRealize Operations for Horizon Adapter 6.6.x and 6.7.x on Windows, and they have been patched with the release of versions 6.6.1 and 6.7.1. No workarounds are available.