CVE-2020-3998

6.5MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Horizon Client For Windows
Vendor: CVE Published:; 23 October 2020

Summary

VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes.

Affected Version(s)

VMware Horizon Client for Windows VMware Horizon Client for Windows (5.x prior to 5.5.0)

References

https://www.vmware.com/security/advisories/VMSA-2020-0024...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 23, 2020
Vulnerability Reserved
Dec 30, 2019