Information Disclosure Vulnerability in VMware Horizon Client for Windows
CVE-2020-3998

6.5MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Horizon Client For Windows
Vendor: CVE Published:; 23 October 2020

Summary

VMware Horizon Client for Windows versions prior to 5.5.0 are affected by an information disclosure vulnerability. An attacker with local access could exploit this issue to retrieve hashed credentials following a crash of the Horizon Client application. This exposure can lead to a compromise of sensitive user information, necessitating prompt updates to mitigate the risk.

Affected Version(s)

VMware Horizon Client for Windows VMware Horizon Client for Windows (5.x prior to 5.5.0)

References

https://www.vmware.com/security/advisories/VMSA-2020-0024...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 23, 2020
Vulnerability Reserved
Dec 30, 2019