====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN002
_____________________________________________________________________

DATE                : 14/01/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Workspace ONE SDK,
                     VMware Workspace ONE Boxer,
                     VMware Workspace ONE Content,
                     VMware Workspace ONE SDK Plugin for Apache Cordova,
                     VMware Workspace ONE Intelligent Hub,
                     VMware Workspace ONE Notebook,
                     VMware Workspace ONE People,
                     VMware Workspace ONE PIV-D,
                     VMware Workspace ONE Web,
                     VMware Workspace ONE,
                     VMware Workspace ONE SDK Plugin for Xamarin.

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2020-0001.html
_____________________________________________________________________


Advisory ID             VMSA-2020-0001
Advisory Severity       Moderate
CVSSv3 Range            6.8
Synopsis                VMware Workspace ONE SDK and dependent mobile
                         application updates address sensitive
                        information disclosure vulnerability
                        (CVE-2020-3940)
Issue Date              2020-01-09
Updated On              2020-01-09 (Initial Advisory)
CVE(s)                  CVE-2020-3940

1. Impacted Products

    Workspace ONE SDK
    Workspace ONE Boxer
    Workspace ONE Content
    Workspace ONE SDK Plugin for Apache Cordova
    Workspace ONE Intelligent Hub
    Workspace ONE Notebook
    Workspace ONE People
    Workspace ONE PIV-D
    Workspace ONE Web
    Workspace ONE SDK Plugin for Xamarin


2. Introduction
A sensitive information disclosure vulnerability in the VMware Workspace
ONE SDK was privately reported to VMware. Updates are available to
address this vulnerability in affected VMware products.

3. VMware Workspace ONE SDK and dependent mobile application updates
address sensitive information disclosure vulnerability (CVE-2020-3940)

Description:

VMware Workspace ONE SDK and dependent mobile applications do not
properly handle certificate verification failures if SSL Pinning has
been enabled in the Workspace ONE UEM Console. VMware has evaluated the
severity of this issue to be in the moderate severity range with a
maximum CVSSv3 base score of 6.8.


Known Attack Vectors:

A malicious actor with man-in-the-middle (MITM) network positioning
between an affected mobile application and Workspace ONE UEM Device
Services may be able to capture sensitive data in transit if SSL Pinning
is enabled.


Resolution:

To remediate CVE-2020-3940, apply the patches listed in the 'Fixed
Version' column of the 'Resolution Matrix' found below.


Workarounds:

None.


Additional Documentations:

None.


Acknowledgements:

None.


Response Matrix:

Product 	Version 	Running On 	CVE Identifier 	CVSSV3 	Severity 	Fixed
Version 	Workarounds 	Additional Documents

Workspace ONE SDK 	19.x.y 	Android 	CVE-2020-3940 	6.8 	Moderate
19.11.1 	None 	None

Workspace ONE SDK (Objective-C) 	5.9.9.x 	iOS 	CVE-2020-3940 	6.8
Moderate 	5.9.9.8 	None 	None

Workspace ONE SDK (Swift) 	Any 	iOS 	CVE-2020-3940 	N/A 	N/A
Unaffected 	N/A 	N/A

Workspace ONE Boxer 	Any 	Android 	CVE-2020-3940 	6.8 	Moderate
5.13.1 	None 	None

Workspace ONE Boxer 	Any 	iOS 	CVE-2020-3940 	N/A 	N/A 	Unaffected 	N/A 	N/A

Workspace ONE Content 	Any 	Android 	CVE-2020-3940 	6.8 	Moderate
3.2.1 	None 	None

Workspace ONE Content 	Any 	iOS	CVE-2020-3940 	6.8 	Moderate 	4.2
None 	None

Workspace ONE SDK Plugin for Apache Cordova 	Any 	Any 	CVE-2020-3940
6.8 	Moderate 	1.5.1 	None 	None

Workspace ONE Intelligent Hub 	Any 	Android 	CVE-2020-3940 	6.8
Moderate 	19.11.1 	None 	None

Workspace ONE Intelligent Hub 	Any 	iOS 	CVE-2020-3940 	N/A 	N/A
Unaffected 	N/A 	N/A

Workspace ONE Notebook 	Any 	Android 	CVE-2020-3940 	6.8 	Moderate
1.2.1 	None 	None

Workspace ONE Notebook 	Any 	iOS 	CVE-2020-3940 	N/A 	N/A
Unaffected 	N/A 	N/A

Workspace ONE People 	Any 	Android 	CVE-2020-3940 	6.8 	Moderate
1.3.2 	None 	None

Workspace ONE People 	Any 	iOS 	CVE-2020-3940 	N/A 	N/A 	Unaffected
N/A 	N/A

Workspace ONE PIV-D 	Any 	Android 	CVE-2020-3940 	6.8 	Moderate 	1.4.2
None 	None

Workspace ONE PIV-D 	Any 	iOS 	CVE-2020-3940 	N/A 	N/A 	Unaffected 	N/A 	N/A

Workspace ONE Web 	Any 	Android 	CVE-2020-3940 	6.8 	Moderate
7.10.8 	None 	None

Workspace ONE Web 	Any 	iOS 	CVE-2020-3940 	N/A 	N/A 	Unaffected 	N/A 	N/A

Workspace ONE SDK Plugin for Xamarin 	Any 	Any 	CVE-2020-3940 	6.8
Moderate 	1.4.1 	None 	None


4. References


Fixed Version(s) and Release Notes:


Workspace ONE SDK for Android

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-SDK-for-Android.html


Workspace ONE SDK for iOS (Objective-C)

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-SDK-for-iOS--Objective-C-.html


Workspace ONE Boxer for Android

https://docs.vmware.com/en/VMware-Workspace-ONE-Boxer/services/rn/VMware-Workspace-ONE-Boxer-for-Android.html


Workspace ONE Content for Android

https://docs.vmware.com/en/VMware-Workspace-ONE-Content/services/rn/Workpace-ONE-Content-for-Android.html


Workspace ONE Content for iOS

https://docs.vmware.com/en/VMware-Workspace-ONE-Content/services/rn/Workspace-ONE-Content-for-iOS.html


Workspace ONE SDK Plugin for Apache Cordova

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-SDK-Plugin-for-Apache-Cordova.html


Workspace ONE Intelligent Hub for Android

https://docs.vmware.com/en/VMware-Workspace-ONE-Intelligent-Hub/services/rn/Introducing-VMware-Workspace-ONE-Intelligent-Hub-1909-for-Android.html


Workspace ONE Notebook for Android

https://docs.vmware.com/en/VMware-Workspace-ONE-Notebook/services/rn/VMware-Workspace-ONE-Notebook-for-Android.html


Workspace ONE People for Android

https://kb.vmware.com/s/article/76713


Workspace ONE PIV-D for Android

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-PIV-D-Manager-for-Android.html


Workspace ONE Web for Android

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Web-for-Android.html


Workspace ONE SDK Plugin for Xamarin

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-SDK-Plugin-for-Xamarin.html


Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3940


FIRST CVSSv3 Calculator:
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N



5. Change log

2019-01-09 : VMSA-2020-0001
Initial security advisory on 2020-01-09.


6. Contact

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce



This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com

  bugtraq@securityfocus.com

  fulldisclosure@seclists.org



E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055



VMware Security Advisories

https://www.vmware.com/security/advisories



VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html



VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html



VMware Security & Compliance Blog

https://blogs.vmware.com/security



Twitter

https://twitter.com/VMwareSRC



Copyright 2020 VMware Inc. All rights reserved.




=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================