{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T21:25:18.518","vulnerabilities":[{"cve":{"id":"CVE-2020-3977","sourceIdentifier":"security@vmware.com","published":"2020-09-22T14:15:12.297","lastModified":"2024-11-21T05:32:06.037","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS."},{"lang":"es","value":"VMware Horizon DaaS (versiones 7.x y versiones 8.x anteriores a 8.0.1 Update 1), contiene una vulnerabilidad de autenticación rota debido a un fallo en la manera en que manejaba la autenticación del primer factor. Una explotación con éxito de este problema puede permitir a un atacante omitir el proceso de autenticación de dos factores. Para explotar este problema, un atacante debe tener una cuenta legítima en Horizon DaaS"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:horizon_daas:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.0.1","matchCriteriaId":"04196964-03AF-4F6B-9159-5F635812FFA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:horizon_daas:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B3720873-7471-47D2-A814-E7441CA0754E"}]}]}],"references":[{"url":"https://www.vmware.com/security/advisories/VMSA-2020-0021.html","source":"security@vmware.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.vmware.com/security/advisories/VMSA-2020-0021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}