Vulnerabilities in VMware (RMI communication in vRealize Operations for Horizon) are also apply for those vendor who is using RMI in Java environment. (20th Feb 2020)

Preface: JMX is often described as the “Java version” of SNMP (Simple Network Management Protocol).

Synopsis: A vulnerability in the Java Management Extensions (JMX) management agent included in the Java Runtime Environment (JRE) may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled.

Security Focus: CVE-2020-3943 – The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to the affected software uses a JMX RMI service which is not securely configured. A remote attacker can execute arbitrary code in vRealize Operations, with the Horizon Adapter running.

Horizon wiki – The Horizon adapter runs on a cluster node or remote collector node in vRealize Operations Manager. You can create a single Horizon adapter instance to monitor multiple Horizon pods. During broker agent configuration, you pair the broker agent with a Horizon adapter instance.

Attack basis: The attacker would have to trick the victim to open a a specially crafted file.

Official announcement: https://www.vmware.com/security/advisories/VMSA-2020-0003.html

Cyber security technical information

Vulnerabilities in VMware (RMI communication in vRealize Operations for Horizon) are also apply for those vendor who is using RMI in Java environment. (20th Feb 2020)

antihackingonline.com