cvelistv5 - cve-2020-3940

CVE-2020-3940 (GCVE-0-2020-3940)

Vulnerability from cvelistv5 – Published: 2020-01-17 17:59 – Updated: 2024-08-04 07:52

Summary

VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.

Severity ?

No CVSS data available.

CWE

Sensitive information disclosure

Assigner

vmware

References

URL

Tags

https://www.vmware.com/security/advisories/VMSA-2…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	VMware	Workspace ONE SDK	Affected: Workspace ONE SDK for Android prior to 19.11.1 and Workspace ONE SDK for iOS (Objective-C) prior to 5.9.9.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:52:20.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Workspace ONE SDK",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace ONE SDK for Android prior to 19.11.1 and Workspace ONE SDK for iOS (Objective-C) prior to 5.9.9.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Sensitive information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-17T17:59:29",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2020-3940",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Workspace ONE SDK",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace ONE SDK for Android prior to 19.11.1 and Workspace ONE SDK for iOS (Objective-C) prior to 5.9.9.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "VMware"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Sensitive information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2020-3940",
    "datePublished": "2020-01-17T17:59:29",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-08-04T07:52:20.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_boxer:*:*:*:*:*:android:*:*\", \"versionEndExcluding\": \"5.13.1\", \"matchCriteriaId\": \"FCAAAA00-5DA8-4D7D-BFA3-D45A637032FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_content:*:*:*:*:*:android:*:*\", \"versionEndExcluding\": \"3.21\", \"matchCriteriaId\": \"D0D4F64D-4877-4BD2-8926-4600CAD3F804\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_content:*:*:*:*:*:iphone_os:*:*\", \"versionEndExcluding\": \"4.20\", \"matchCriteriaId\": \"602D8CAD-CF93-4311-9E59-D62F54B0816D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_intelligent_hub:*:*:*:*:*:android:*:*\", \"versionEndExcluding\": \"19.11.1\", \"matchCriteriaId\": \"391C27B6-A114-4451-B318-279D26AC79FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_notebook:*:*:*:*:*:android:*:*\", \"versionEndExcluding\": \"1.2.1\", \"matchCriteriaId\": \"1A508AC6-131F-4A0F-B292-1006059ECD16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_people:*:*:*:*:*:android:*:*\", \"versionEndExcluding\": \"1.3.2\", \"matchCriteriaId\": \"CFB2EFB3-E93C-4A5D-95B2-0F3B3DE1CBF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_piv-d_manager:*:*:*:*:*:android:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"80356ACB-FA05-4BE6-A78E-34613B23D574\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:xamarin:*:*\", \"versionEndExcluding\": \"1.4.1\", \"matchCriteriaId\": \"339F4720-437E-4C2C-8B61-44811DA224A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:apache_cordova:*:*\", \"versionEndExcluding\": \"1.5.1\", \"matchCriteriaId\": \"2B2AD677-A184-4F47-AD07-FE7373E1740C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:android:*:*\", \"versionStartIncluding\": \"19.8.0\", \"versionEndExcluding\": \"19.11.1\", \"matchCriteriaId\": \"EE938B0B-31E7-4783-8844-2BFC58E378BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_sdk_\\\\(objective-c\\\\):*:*:*:*:iphone_os:*:*:*\", \"versionStartIncluding\": \"5.9.9.7\", \"versionEndExcluding\": \"5.9.9.8\", \"matchCriteriaId\": \"1504AEEB-34D4-4E61-B9B9-2362A58FAA19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_web:*:*:*:*:*:android:*:*\", \"versionEndExcluding\": \"7.10.8\", \"matchCriteriaId\": \"CFC2C542-41D1-4982-9D41-1C25A2715A74\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.\"}, {\"lang\": \"es\", \"value\": \"VMware Workspace ONE SDK y las actualizaciones de aplicaciones m\\u00f3viles dependientes abordan la vulnerabilidad de divulgaci\\u00f3n de informaci\\u00f3n confidencial.\"}]",
      "id": "CVE-2020-3940",
      "lastModified": "2024-11-21T05:32:00.190",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-01-17T18:15:13.290",
      "references": "[{\"url\": \"https://www.vmware.com/security/advisories/VMSA-2020-0001.html\", \"source\": \"security@vmware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.vmware.com/security/advisories/VMSA-2020-0001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@vmware.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-3940\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2020-01-17T18:15:13.290\",\"lastModified\":\"2024-11-21T05:32:00.190\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.\"},{\"lang\":\"es\",\"value\":\"VMware Workspace ONE SDK y las actualizaciones de aplicaciones m\u00f3viles dependientes abordan la vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_boxer:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"5.13.1\",\"matchCriteriaId\":\"FCAAAA00-5DA8-4D7D-BFA3-D45A637032FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_content:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"3.21\",\"matchCriteriaId\":\"D0D4F64D-4877-4BD2-8926-4600CAD3F804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_content:*:*:*:*:*:iphone_os:*:*\",\"versionEndExcluding\":\"4.20\",\"matchCriteriaId\":\"602D8CAD-CF93-4311-9E59-D62F54B0816D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_intelligent_hub:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"19.11.1\",\"matchCriteriaId\":\"391C27B6-A114-4451-B318-279D26AC79FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_notebook:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"1.2.1\",\"matchCriteriaId\":\"1A508AC6-131F-4A0F-B292-1006059ECD16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_people:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"1.3.2\",\"matchCriteriaId\":\"CFB2EFB3-E93C-4A5D-95B2-0F3B3DE1CBF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_piv-d_manager:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"80356ACB-FA05-4BE6-A78E-34613B23D574\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:xamarin:*:*\",\"versionEndExcluding\":\"1.4.1\",\"matchCriteriaId\":\"339F4720-437E-4C2C-8B61-44811DA224A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:apache_cordova:*:*\",\"versionEndExcluding\":\"1.5.1\",\"matchCriteriaId\":\"2B2AD677-A184-4F47-AD07-FE7373E1740C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:android:*:*\",\"versionStartIncluding\":\"19.8.0\",\"versionEndExcluding\":\"19.11.1\",\"matchCriteriaId\":\"EE938B0B-31E7-4783-8844-2BFC58E378BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_sdk_\\\\(objective-c\\\\):*:*:*:*:iphone_os:*:*:*\",\"versionStartIncluding\":\"5.9.9.7\",\"versionEndExcluding\":\"5.9.9.8\",\"matchCriteriaId\":\"1504AEEB-34D4-4E61-B9B9-2362A58FAA19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_web:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"7.10.8\",\"matchCriteriaId\":\"CFC2C542-41D1-4982-9D41-1C25A2715A74\"}]}]}],\"references\":[{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2020-0001.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2020-0001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-6PX4-W6J6-HCXV

Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-05-24 17:06

Details

VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-3940"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-17T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.",
  "id": "GHSA-6px4-w6j6-hcxv",
  "modified": "2022-05-24T17:06:54Z",
  "published": "2022-05-24T17:06:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3940"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2020-AVI-017

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Vmware Workspace ONE. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	Workspace ONE SDK Plugin for Xamarin versions antérieures à 1.4.1
VMware	N/A	Workspace ONE SDK Plugin for Apache Cordova versions antérieures à 1.5.1
VMware	N/A	Workspace ONE PIV-D versions antérieures à 1.4.2 sur Android
VMware	N/A	Workspace ONE Boxer versions antérieures à 5.13.1 sur Android
VMware	N/A	Workspace ONE Intelligent Hub versions antérieures à 19.11.1 sur Android
VMware	N/A	Workspace ONE Content versions antérieures à 3.2.1 sur Android
VMware	N/A	Workspace ONE Web versions antérieures à 7.10.8 sur Android
VMware	N/A	Workspace ONE Notebook versions antérieures à 1.2.1 sur Android
VMware	N/A	Workspace ONE SDK versions antérieures à 19.11.1 sur Android
VMware	N/A	Workspace ONE People versions antérieures à 1.3.2 sur Android
VMware	N/A	Workspace ONE SDK (Objective-C) versions antérieures à 5.9.9.8 sur iOS
VMware	N/A	Workspace ONE Content versions antérieures à 4.2 sur iOS

References

Title

Publication Time

Tags

Bulletin de sécurité Vmware VMSA-2020-0001 du 09 janvier 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Workspace ONE SDK Plugin for Xamarin versions ant\u00e9rieures \u00e0 1.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE SDK Plugin for Apache Cordova versions ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE PIV-D versions ant\u00e9rieures \u00e0 1.4.2 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE Boxer versions ant\u00e9rieures \u00e0 5.13.1 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE Intelligent Hub versions ant\u00e9rieures \u00e0 19.11.1 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE Content versions ant\u00e9rieures \u00e0 3.2.1 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE Web versions ant\u00e9rieures \u00e0 7.10.8 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE Notebook versions ant\u00e9rieures \u00e0 1.2.1 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE SDK versions ant\u00e9rieures \u00e0 19.11.1 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE People versions ant\u00e9rieures \u00e0 1.3.2 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE SDK (Objective-C) versions ant\u00e9rieures \u00e0 5.9.9.8 sur iOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE Content versions ant\u00e9rieures \u00e0 4.2 sur iOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3940"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-017",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Vmware Workspace ONE. Elle\npermet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Vmware Workspace ONE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Vmware VMSA-2020-0001 du 09 janvier 2020",
      "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"
    }
  ]
}

CERTFR-2020-AVI-017

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Vmware Workspace ONE. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	Workspace ONE SDK Plugin for Xamarin versions antérieures à 1.4.1
VMware	N/A	Workspace ONE SDK Plugin for Apache Cordova versions antérieures à 1.5.1
VMware	N/A	Workspace ONE PIV-D versions antérieures à 1.4.2 sur Android
VMware	N/A	Workspace ONE Boxer versions antérieures à 5.13.1 sur Android
VMware	N/A	Workspace ONE Intelligent Hub versions antérieures à 19.11.1 sur Android
VMware	N/A	Workspace ONE Content versions antérieures à 3.2.1 sur Android
VMware	N/A	Workspace ONE Web versions antérieures à 7.10.8 sur Android
VMware	N/A	Workspace ONE Notebook versions antérieures à 1.2.1 sur Android
VMware	N/A	Workspace ONE SDK versions antérieures à 19.11.1 sur Android
VMware	N/A	Workspace ONE People versions antérieures à 1.3.2 sur Android
VMware	N/A	Workspace ONE SDK (Objective-C) versions antérieures à 5.9.9.8 sur iOS
VMware	N/A	Workspace ONE Content versions antérieures à 4.2 sur iOS

References

Title

Publication Time

Tags

Bulletin de sécurité Vmware VMSA-2020-0001 du 09 janvier 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Workspace ONE SDK Plugin for Xamarin versions ant\u00e9rieures \u00e0 1.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE SDK Plugin for Apache Cordova versions ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE PIV-D versions ant\u00e9rieures \u00e0 1.4.2 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE Boxer versions ant\u00e9rieures \u00e0 5.13.1 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE Intelligent Hub versions ant\u00e9rieures \u00e0 19.11.1 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE Content versions ant\u00e9rieures \u00e0 3.2.1 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE Web versions ant\u00e9rieures \u00e0 7.10.8 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE Notebook versions ant\u00e9rieures \u00e0 1.2.1 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE SDK versions ant\u00e9rieures \u00e0 19.11.1 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE People versions ant\u00e9rieures \u00e0 1.3.2 sur Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE SDK (Objective-C) versions ant\u00e9rieures \u00e0 5.9.9.8 sur iOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace ONE Content versions ant\u00e9rieures \u00e0 4.2 sur iOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3940"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-017",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Vmware Workspace ONE. Elle\npermet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Vmware Workspace ONE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Vmware VMSA-2020-0001 du 09 janvier 2020",
      "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"
    }
  ]
}

CNVD-2020-23482

Vulnerability from cnvd - Published: 2020-04-20

Title

多款Vmware产品信息泄露漏洞

Description

VMware是全球桌面到数据中心虚拟化解决方案的领导厂商。多款Vmware产品中存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。

Severity

中

Patch Name

多款Vmware产品信息泄露漏洞的补丁

Patch Description

VMware是全球桌面到数据中心虚拟化解决方案的领导厂商。多款Vmware产品中存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.vmware.com/security/advisories/VMSA-2020-0001.html

Reference

https://securityaffairs.co/wordpress/96446/security/vmware-tools-and-workspace-one-sdk-flaws.html

Impacted products

Name
['VMWare Workspace ONE SDK Plugin for Xamarin', 'VMWare Workspace ONE Web（Android）', 'VMWare Workspace ONE PIV-D（Android）', 'VMWare Workspace ONE People（Android）', 'VMWare Workspace ONE Notebook（Android）', 'VMWare Workspace ONE Intelligent Hub（Android）', 'VMWare Workspace ONE SDK Plugin for Apache Cordova', 'VMWare Workspace ONE Content（Android和iOS）', 'VMWare Workspace ONE Boxer（Android）', 'VMWare Workspace ONE SDK (Objective-C) 5.9.9.*', 'VMWare Workspace ONE SDK 19.x.y']

Name

['VMWare Workspace ONE SDK Plugin for Xamarin', 'VMWare Workspace ONE Web（Android）', 'VMWare Workspace ONE PIV-D（Android）', 'VMWare Workspace ONE People（Android）', 'VMWare Workspace ONE Notebook（Android）', 'VMWare Workspace ONE Intelligent Hub（Android）', 'VMWare Workspace ONE SDK Plugin for Apache Cordova', 'VMWare Workspace ONE Content（Android和iOS）', 'VMWare Workspace ONE Boxer（Android）', 'VMWare Workspace ONE SDK (Objective-C) 5.9.9.*', 'VMWare Workspace ONE SDK 19.x.y']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3940"
    }
  },
  "description": "VMware\u662f\u5168\u7403\u684c\u9762\u5230\u6570\u636e\u4e2d\u5fc3\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\u7684\u9886\u5bfc\u5382\u5546\u3002\n\n\u591a\u6b3eVmware\u4ea7\u54c1\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u672a\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.vmware.com/security/advisories/VMSA-2020-0001.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-23482",
  "openTime": "2020-04-20",
  "patchDescription": "VMware\u662f\u5168\u7403\u684c\u9762\u5230\u6570\u636e\u4e2d\u5fc3\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\u7684\u9886\u5bfc\u5382\u5546\u3002\r\n\r\n\u591a\u6b3eVmware\u4ea7\u54c1\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u672a\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eVmware\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMWare Workspace ONE SDK Plugin for Xamarin",
      "VMWare Workspace ONE Web\uff08Android\uff09",
      "VMWare Workspace ONE PIV-D\uff08Android\uff09",
      "VMWare Workspace ONE People\uff08Android\uff09",
      "VMWare Workspace ONE Notebook\uff08Android\uff09",
      "VMWare Workspace ONE Intelligent Hub\uff08Android\uff09",
      "VMWare Workspace ONE SDK Plugin for Apache Cordova",
      "VMWare Workspace ONE Content\uff08Android\u548ciOS\uff09",
      "VMWare Workspace ONE Boxer\uff08Android\uff09",
      "VMWare Workspace ONE SDK (Objective-C) 5.9.9.*",
      "VMWare Workspace ONE SDK 19.x.y"
    ]
  },
  "referenceLink": "https://securityaffairs.co/wordpress/96446/security/vmware-tools-and-workspace-one-sdk-flaws.html",
  "serverity": "\u4e2d",
  "submitTime": "2020-01-16",
  "title": "\u591a\u6b3eVmware\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2020-3940

Vulnerability from fkie_nvd - Published: 2020-01-17 18:15 - Updated: 2024-11-21 05:32

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.

References

	URL	Tags
	security@vmware.com	https://www.vmware.com/security/advisories/VMSA-2020-0001.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.vmware.com/security/advisories/VMSA-2020-0001.html	Vendor Advisory

Impacted products

Vendor	Product	Version
vmware	workspace_one_boxer	*
vmware	workspace_one_content	*
vmware	workspace_one_content	*
vmware	workspace_one_intelligent_hub	*
vmware	workspace_one_notebook	*
vmware	workspace_one_people	*
vmware	workspace_one_piv-d_manager	*
vmware	workspace_one_sdk	*
vmware	workspace_one_sdk	*
vmware	workspace_one_sdk	*
vmware	workspace_one_sdk_\(objective-c\)	*
vmware	workspace_one_web	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_boxer:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "FCAAAA00-5DA8-4D7D-BFA3-D45A637032FE",
              "versionEndExcluding": "5.13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_content:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "D0D4F64D-4877-4BD2-8926-4600CAD3F804",
              "versionEndExcluding": "3.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_content:*:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "602D8CAD-CF93-4311-9E59-D62F54B0816D",
              "versionEndExcluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_intelligent_hub:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "391C27B6-A114-4451-B318-279D26AC79FB",
              "versionEndExcluding": "19.11.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_notebook:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "1A508AC6-131F-4A0F-B292-1006059ECD16",
              "versionEndExcluding": "1.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_people:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "CFB2EFB3-E93C-4A5D-95B2-0F3B3DE1CBF2",
              "versionEndExcluding": "1.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_piv-d_manager:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "80356ACB-FA05-4BE6-A78E-34613B23D574",
              "versionEndExcluding": "1.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:xamarin:*:*",
              "matchCriteriaId": "339F4720-437E-4C2C-8B61-44811DA224A2",
              "versionEndExcluding": "1.4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:apache_cordova:*:*",
              "matchCriteriaId": "2B2AD677-A184-4F47-AD07-FE7373E1740C",
              "versionEndExcluding": "1.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "EE938B0B-31E7-4783-8844-2BFC58E378BB",
              "versionEndExcluding": "19.11.1",
              "versionStartIncluding": "19.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_sdk_\\(objective-c\\):*:*:*:*:iphone_os:*:*:*",
              "matchCriteriaId": "1504AEEB-34D4-4E61-B9B9-2362A58FAA19",
              "versionEndExcluding": "5.9.9.8",
              "versionStartIncluding": "5.9.9.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_web:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "CFC2C542-41D1-4982-9D41-1C25A2715A74",
              "versionEndExcluding": "7.10.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE SDK y las actualizaciones de aplicaciones m\u00f3viles dependientes abordan la vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial."
    }
  ],
  "id": "CVE-2020-3940",
  "lastModified": "2024-11-21T05:32:00.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-17T18:15:13.290",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-3940

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.

Aliases

CVE-2020-3940

Aliases

CVE-2020-3940

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-3940",
    "description": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.",
    "id": "GSD-2020-3940"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-3940"
      ],
      "details": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.",
      "id": "GSD-2020-3940",
      "modified": "2023-12-13T01:22:10.154490Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@vmware.com",
        "ID": "CVE-2020-3940",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Workspace ONE SDK",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Workspace ONE SDK for Android prior to 19.11.1 and Workspace ONE SDK for iOS (Objective-C) prior to 5.9.9.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "VMware"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Sensitive information disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html",
            "refsource": "CONFIRM",
            "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workspace_one_boxer:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workspace_one_content:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.21",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workspace_one_content:*:*:*:*:*:iphone_os:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workspace_one_intelligent_hub:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "19.11.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workspace_one_notebook:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workspace_one_people:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workspace_one_piv-d_manager:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.4.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:xamarin:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:apache_cordova:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.5.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "19.11.1",
                "versionStartIncluding": "19.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workspace_one_sdk_\\(objective-c\\):*:*:*:*:iphone_os:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.9.9.8",
                "versionStartIncluding": "5.9.9.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workspace_one_web:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.10.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2020-3940"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-295"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-01-27T16:32Z",
      "publishedDate": "2020-01-17T18:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-3940 (GCVE-0-2020-3940)

GHSA-6PX4-W6J6-HCXV

CERTFR-2020-AVI-017

Solution

CERTFR-2020-AVI-017

Solution

CNVD-2020-23482

FKIE_CVE-2020-3940

GSD-2020-3940

Tags

Sightings

Nomenclature