Information Disclosure Vulnerability in VMware Horizon Client for Windows
CVE-2020-3998

6.5MEDIUM

Key Information:

Vendor

Vmware
Status
Vmware Horizon Client For Windows
Vendor
CVE Published:
23 October 2020

What is CVE-2020-3998?

VMware Horizon Client for Windows versions prior to 5.5.0 are affected by an information disclosure vulnerability. An attacker with local access could exploit this issue to retrieve hashed credentials following a crash of the Horizon Client application. This exposure can lead to a compromise of sensitive user information, necessitating prompt updates to mitigate the risk.

Affected Version(s)

VMware Horizon Client for Windows VMware Horizon Client for Windows (5.x prior to 5.5.0)

References

https://www.vmware.com/security/advisories/VMSA-2020-0024...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.