Local Information Disclosure in VMware Horizon View Agents
CVE-2018-6971
7.8HIGH
What is CVE-2018-6971?
VMware Horizon View Agents prior to version 7.5.1 contain a vulnerability that allows local information disclosure due to insecure logging of installation credentials in the vmmsi.log file. This issue arises when an account other than the currently logged-in user is specified during installation, including silent installations. If exploited, it permits low privileged users to access sensitive credentials associated with the Horizon View Agent installation process.
Affected Version(s)
Horizon View Agent 7.x.x before 7.5.1