CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-3977

VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.7%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

https://www.vmware.com/security/advisories/VMSA-2020-0021.html
https://www.vmware.com/security/advisories/VMSA-2020-0021.html

Products affected by CVE-2020-3977

Vmware » Horizon Daas » Version: 7.0.0

cpe:2.3:a:vmware:horizon_daas:7.0.0
Vmware » Horizon Daas » Version: 8.0.0

cpe:2.3:a:vmware:horizon_daas:8.0.0
Vmware » Horizon Daas » Version: 8.0.1

cpe:2.3:a:vmware:horizon_daas:8.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-3977

Products

Pricing

Contact Us