Main Vulnerability Database Vulnerabilities #VU13955

#VU13955 Information disclosure in VMware Horizon - CVE-2018-6971

Published: July 23, 2018

Vulnerability identifier: #VU13955

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-6971

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
VMware Horizon

Software vendor:
VMware, Inc

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to the system logs authentication credentials in the 'vmmsi.log' log file when an account other than the current user account is specified during installation. A local attacker can view the passwords.

Remediation

Update to version 7.5.1.

External links

https://www.vmware.com/security/advisories/VMSA-2018-0018.html

#VU13955 Information disclosure in VMware Horizon - CVE-2018-6971

Description

Remediation

External links

Please verify you're human