Request a Demo
Rewterz
Rewterz Threat Alert – Active Cryptomining Worm
January 13, 2020
Rewterz
Rewterz Threat Alert – Muddy Water Summer Mirage Campaign – IOC’s
January 13, 2020

Rewterz Threat Advisory – CVE-2020-3940 – VMware Workspace ONE SDK information disclosure Vulnerability

Severity

Medium

Analysis Summary

VMware Workspace ONE SDK could allow a remote attacker to obtain sensitive information, caused by improper certificate verification. By using man-in-the-middle techniques a remote attacker could exploit this vulnerability to obtain sensitive data in transit if SSL Pinning is enabled.

Impact

Information disclosure

Affected Vendors

VMware

Affected Products

  • Workspace ONE SDK
  • Workspace ONE Boxer
  • Workspace ONE Content
  • Workspace ONE SDK Plugin for Apache Cordova
  • Workspace ONE Intelligent Hub
  • Workspace ONE Notebook
  • Workspace ONE People
  • Workspace ONE PIV-D
  • Workspace ONE Web
  • Workspace ONE SDK Plugin for Xamarin

Remediation

Please see vendor’s advisory for the list of patches available.

https://www.vmware.com/security/advisories/VMSA-2020-0001.html