CVE-2020-3940 - OpenCVE

VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Workspace One Boxer Workspace One Content Workspace One Intelligent Hub Workspace One Notebook Workspace One People Workspace One Piv-d Manager Workspace One Sdk Workspace One Sdk \(objective-c\) Workspace One Web

Configuration 1 [-]

OR	cpe:2.3:a:vmware:workspace_one_boxer::::::android::*
	cpe:2.3:a:vmware:workspace_one_content::::::android::*
	cpe:2.3:a:vmware:workspace_one_content::::::iphone_os::*
	cpe:2.3:a:vmware:workspace_one_intelligent_hub::::::android::*
	cpe:2.3:a:vmware:workspace_one_notebook::::::android::*
	cpe:2.3:a:vmware:workspace_one_people::::::android::*
	cpe:2.3:a:vmware:workspace_one_piv-d_manager::::::android::*
	cpe:2.3:a:vmware:workspace_one_sdk::::::xamarin::*
	cpe:2.3:a:vmware:workspace_one_sdk::::::apache_cordova::*
	cpe:2.3:a:vmware:workspace_one_sdk::::::android::*
	cpe:2.3:a:vmware:workspace_one_sdk_\(objective-c\):::::iphone_os:::*
	cpe:2.3:a:vmware:workspace_one_web::::::android::*

No data.

References

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2020-0001.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2020-01-17T17:59:29

Updated: 2024-08-04T07:52:20.417Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-3940

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-01-17T18:15:13.290

Modified: 2020-01-27T16:32:30.813

Link: CVE-2020-3940

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Workspace ONE SDK", "vendor": "VMware", "versions": [{"status": "affected", "version": "Workspace ONE SDK for Android prior to 19.11.1 and Workspace ONE SDK for iOS (Objective-C) prior to 5.9.9.8"}]}], "descriptions": [{"lang": "en", "value": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability."}], "problemTypes": [{"descriptions": [{"description": "Sensitive information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-17T17:59:29", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2020-3940", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Workspace ONE SDK", "version": {"version_data": [{"version_value": "Workspace ONE SDK for Android prior to 19.11.1 and Workspace ONE SDK for iOS (Objective-C) prior to 5.9.9.8"}]}}]}, "vendor_name": "VMware"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Sensitive information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:52:20.417Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2020-3940", "datePublished": "2020-01-17T17:59:29", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-08-04T07:52:20.417Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workspace_one_boxer:*:*:*:*:*:android:*:*", "matchCriteriaId": "FCAAAA00-5DA8-4D7D-BFA3-D45A637032FE", "versionEndExcluding": "5.13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_content:*:*:*:*:*:android:*:*", "matchCriteriaId": "D0D4F64D-4877-4BD2-8926-4600CAD3F804", "versionEndExcluding": "3.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_content:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "602D8CAD-CF93-4311-9E59-D62F54B0816D", "versionEndExcluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_intelligent_hub:*:*:*:*:*:android:*:*", "matchCriteriaId": "391C27B6-A114-4451-B318-279D26AC79FB", "versionEndExcluding": "19.11.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_notebook:*:*:*:*:*:android:*:*", "matchCriteriaId": "1A508AC6-131F-4A0F-B292-1006059ECD16", "versionEndExcluding": "1.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_people:*:*:*:*:*:android:*:*", "matchCriteriaId": "CFB2EFB3-E93C-4A5D-95B2-0F3B3DE1CBF2", "versionEndExcluding": "1.3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_piv-d_manager:*:*:*:*:*:android:*:*", "matchCriteriaId": "80356ACB-FA05-4BE6-A78E-34613B23D574", "versionEndExcluding": "1.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:xamarin:*:*", "matchCriteriaId": "339F4720-437E-4C2C-8B61-44811DA224A2", "versionEndExcluding": "1.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:apache_cordova:*:*", "matchCriteriaId": "2B2AD677-A184-4F47-AD07-FE7373E1740C", "versionEndExcluding": "1.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_sdk:*:*:*:*:*:android:*:*", "matchCriteriaId": "EE938B0B-31E7-4783-8844-2BFC58E378BB", "versionEndExcluding": "19.11.1", "versionStartIncluding": "19.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_sdk_\\(objective-c\\):*:*:*:*:iphone_os:*:*:*", "matchCriteriaId": "1504AEEB-34D4-4E61-B9B9-2362A58FAA19", "versionEndExcluding": "5.9.9.8", "versionStartIncluding": "5.9.9.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_web:*:*:*:*:*:android:*:*", "matchCriteriaId": "CFC2C542-41D1-4982-9D41-1C25A2715A74", "versionEndExcluding": "7.10.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability."}, {"lang": "es", "value": "VMware Workspace ONE SDK y las actualizaciones de aplicaciones m\u00f3viles dependientes abordan la vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial."}], "id": "CVE-2020-3940", "lastModified": "2020-01-27T16:32:30.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-17T18:15:13.290", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}