Rewterz Threat Advisory – CVE-2020-3940 – VMware Workspace ONE SDK information disclosure Vulnerability

Monday, January 13, 2020



Analysis Summary

VMware Workspace ONE SDK could allow a remote attacker to obtain sensitive information, caused by improper certificate verification. By using man-in-the-middle techniques a remote attacker could exploit this vulnerability to obtain sensitive data in transit if SSL Pinning is enabled.


Information disclosure

Affected Vendors


Affected Products

  • Workspace ONE SDK
  • Workspace ONE Boxer
  • Workspace ONE Content
  • Workspace ONE SDK Plugin for Apache Cordova
  • Workspace ONE Intelligent Hub
  • Workspace ONE Notebook
  • Workspace ONE People
  • Workspace ONE PIV-D
  • Workspace ONE Web
  • Workspace ONE SDK Plugin for Xamarin


Please see vendor’s advisory for the list of patches available.

Data Sheets

Corporate Brochure

Our Story



Managed Security

Upcoming Rewterz Trainings/Events

Rewterz News

  • 17, February 2020 Rewterz Threat Alert – Satan ransomware rebrands as 5ss5c ransomware
  • 20, January 2020 Rewterz Threat Alert – Iranian APT Group “MuddyWater” Resurfaces
  • 20, January 2020 Rewterz Threat Alert – STOP (djvu) Ransomware Actively Spread
  • 20, January 2020 Rewterz Threat Advisory – Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Copyright © Rewterz. All rights reserved.