Local Information Disclosure in VMware Horizon View Agents
CVE-2018-6971

7.8HIGH

Key Information:

Vendor

Vmware
Status
Horizon View Agent
Vendor
CVE Published:
19 July 2018

What is CVE-2018-6971?

VMware Horizon View Agents prior to version 7.5.1 contain a vulnerability that allows local information disclosure due to insecure logging of installation credentials in the vmmsi.log file. This issue arises when an account other than the currently logged-in user is specified during installation, including silent installations. If exploited, it permits low privileged users to access sensitive credentials associated with the Horizon View Agent installation process.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Horizon View Agent 7.x.x before 7.5.1

References

http://www.securitytracker.com/id/1041357
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104883
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041358
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.