Vulnerabilities in VMware (RMI communication in vRealize Operations for Horizon) are also apply for those vendor who is using RMI in Java environment. (20th Feb 2020)

Preface: JMX is often described as the “Java version” of SNMP (Simple Network Management Protocol).

Synopsis: A vulnerability in the Java Management Extensions (JMX) management agent included in the Java Runtime Environment (JRE) may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled.

Security Focus: CVE-2020-3943 – The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to the affected software uses a JMX RMI service which is not securely configured. A remote attacker can execute arbitrary code in vRealize Operations, with the Horizon Adapter running.

Horizon wiki – The Horizon adapter runs on a cluster node or remote collector node in vRealize Operations Manager. You can create a single Horizon adapter instance to monitor multiple Horizon pods. During broker agent configuration, you pair the broker agent with a Horizon adapter instance.

Attack basis: The attacker would have to trick the victim to open a a specially crafted file.

Official announcement: https://www.vmware.com/security/advisories/VMSA-2020-0003.html