CVE-2017-4907

CRITICAL

VMware Unified Access Gateway 2.5.x-2.7.x, 2.8.x < 2.8.1 & Horizon View 6.x < 6.2.4, 7.x < 7.1.0 - RCE

Title source: llm

Description

VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038281

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97914

Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2017-0008.html

Scores

CVSS v3 9.8

EPSS 0.0250

EPSS Percentile 85.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (20)

VMware/Horizon View 6.x prior to 6.2.4

VMware/Horizon View 7.x prior to 7.1.0

vmware/horizon_view 6.0

vmware/horizon_view 6.0.2

vmware/horizon_view 6.1

vmware/horizon_view 6.1.1

vmware/horizon_view 6.2

vmware/horizon_view 6.2.1

vmware/horizon_view 6.2.2

vmware/horizon_view 6.2.3

... and 10 more

Published Jun 08, 2017

Tracked Since Feb 18, 2026