CVE-2017-4897
MEDIUMVMware Horizon DaaS <7.0.0 - Info Disclosure
Title source: llmDescription
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.
Scores
CVSS v3
5.5
EPSS
0.0011
EPSS Percentile
29.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-20
Status
published
Products (2)
vmware/horizon_daas
< 6.1.6
VMware/Horizon DaaS
< prior to 7.0.0
Published
May 31, 2017
Tracked Since
Feb 18, 2026