CVE-2019-5513

MEDIUM

VMware Horizon 6.0.0-6.2.7 - Information Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-5513. PoCs published by sudosu01.

AI-analyzed exploit summary This repository contains a multi-threaded scanner for detecting CVE-2019-5513, an unauthenticated information disclosure vulnerability in VMware Horizon Connection Server's /broker/xml endpoint. The scanner tests both empty POST requests and crafted XML payloads to identify vulnerable hosts.

Description

VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address.

Exploits (1)

nomisec SCANNER
by sudosu01 · poc
https://github.com/sudosu01/CVE-2019-5513-scanner

This repository contains a multi-threaded scanner for detecting CVE-2019-5513, an unauthenticated information disclosure vulnerability in VMware Horizon Connection Server's /broker/xml endpoint. The scanner tests both empty POST requests and crafted XML payloads to identify vulnerable hosts.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: VMware Horizon Connection Server 7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8
No auth needed
Prerequisites: list of target IP addresses/hostnames
mistral-large-3 · analyzed Jun 07, 2026 Full analysis →

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.vmware.com/security/advisories/VMSA-2019-0003.html

Scores

CVSS v3 5.3
EPSS 0.0123
EPSS Percentile 65.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published
Products (1)
vmware/horizon 6.0.0 - 6.2.8
Published Apr 09, 2019
Tracked Since Feb 18, 2026