HTTP Request Smuggling Vulnerability in VMware Horizon Server
CVE-2023-34037

5.3MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Horizon Server
Vendor: CVE Published:; 4 August 2023

Summary

VMware Horizon Server is exposed to an HTTP request smuggling vulnerability that could allow an attacker with network access to craft malicious requests. This could potentially lead to unauthorized access or manipulation of web requests, posing a significant risk to data integrity and overall system security. Organizations using VMware Horizon Server should review security practices and patch affected versions promptly to mitigate this risk.

Affected Version(s)

VMware Horizon Server Horizon Server 2306, Horizon Server 2303, Horizon Server 2212, Horizon Server 2209, Horizon Server 2206, Horizon Server 2111.x, Horizon Server 2106, Horizon Server 2103, Horizon Server 2012, Horizon Server 2006

References

https://www.vmware.com/security/advisories/VMSA-2023-0017...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 4, 2023
Vulnerability Reserved
May 25, 2023