Local Information Disclosure in VMware Horizon View Agents
CVE-2018-6971
7.8HIGH
Summary
VMware Horizon View Agents prior to version 7.5.1 contain a vulnerability that allows local information disclosure due to insecure logging of installation credentials in the vmmsi.log file. This issue arises when an account other than the currently logged-in user is specified during installation, including silent installations. If exploited, it permits low privileged users to access sensitive credentials associated with the Horizon View Agent installation process.
Affected Version(s)
Horizon View Agent 7.x.x before 7.5.1
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved