CVE-2020-11651, CVE-2020-11652 have not been patched yet, but there are some workarounds which you can use to address the mentioned VMware CVE’s.
VMware has published workarounds to address unpatched vulnerabilities in vRealize Operations Manager (vROps). A remote attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory and apply the necessary mitigation(s).
|CVSSv3 Range||7.5 – 10.0|
|Synopsis||VMware vRealize Operations Manager addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)|
|Updated On||2020-05-08 (Initial Advisory)|