CVE-2018-6971
HIGHVMware Horizon View Agents 7.0.0-7.5.0 - Local Information Disclosure via Insecure Logging
Title source: llmDescription
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041357
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104883
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041358
Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2018-0018.html
Scores
CVSS v3
7.8
EPSS
0.0042
EPSS Percentile
33.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-532
Status
published
Products (1)
vmware/horizon_view_agents
7.0.0 - 7.5.1
Published
Jul 25, 2018
Tracked Since
Feb 18, 2026