Directory traversal in VMware Horizon - CVE-2016-7087
Published: October 7, 2016 / Updated: October 7, 2016
Vulnerability identifier: #VU801
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-7087
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware Horizon
VMware Horizon
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to view potentially sensitive information on the target system.
The weakness exists due to directory traversal flaw and lets attackers to obtain certain information from the Horizon View Connection Server.
Successful exploitation of the vulnerability results in disclosure of important data.
The weakness exists due to directory traversal flaw and lets attackers to obtain certain information from the Horizon View Connection Server.
Successful exploitation of the vulnerability results in disclosure of important data.
How to mitigate CVE-2016-7087
Update 5.x to version to 5.3.7.
Update 6.x to version to 6.2.3.
Update 7.x to version to 7.0.1.
Update 6.x to version to 6.2.3.
Update 7.x to version to 7.0.1.