Rewterz Threat Advisory – CVE-2020-3940 – VMware Workspace ONE SDK information disclosure Vulnerability

Monday, January 13, 2020

Severity

Medium

Analysis Summary

VMware Workspace ONE SDK could allow a remote attacker to obtain sensitive information, caused by improper certificate verification. By using man-in-the-middle techniques a remote attacker could exploit this vulnerability to obtain sensitive data in transit if SSL Pinning is enabled.

Impact

Information disclosure

Affected Vendors

VMware

Affected Products

  • Workspace ONE SDK
  • Workspace ONE Boxer
  • Workspace ONE Content
  • Workspace ONE SDK Plugin for Apache Cordova
  • Workspace ONE Intelligent Hub
  • Workspace ONE Notebook
  • Workspace ONE People
  • Workspace ONE PIV-D
  • Workspace ONE Web
  • Workspace ONE SDK Plugin for Xamarin

Remediation

Please see vendor’s advisory for the list of patches available.

https://www.vmware.com/security/advisories/VMSA-2020-0001.html

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 17, February 2020 Rewterz Threat Alert – Satan ransomware rebrands as 5ss5c ransomware
  • 20, January 2020 Rewterz Threat Alert – Iranian APT Group “MuddyWater” Resurfaces
  • 20, January 2020 Rewterz Threat Alert – STOP (djvu) Ransomware Actively Spread
  • 20, January 2020 Rewterz Threat Advisory – Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Copyright © Rewterz. All rights reserved.