PT-2018-17851 · Vmware · Vmware Horizon View Agents

Publicado

2018-07-25

Atualizado

2019-10-03

CVE-2018-6971

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions VMware Horizon View Agents versions 7.0.0 through 7.5.0

Description The issue is related to insecure logging of credentials in the vmmsi.log file. This occurs when an account other than the currently logged on user is specified during installation, including silent installations. Successful exploitation may allow low privileged users access to the credentials specified during the Horizon View Agent installation.

Recommendations For versions 7.0.0 through 7.5.0, update to version 7.5.1 or later to resolve the issue.

Correção

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532

Identificadores relacionados

CVE-2018-6971

Produtos afetados

Vmware Horizon View Agents

PT-2018-17851 · Vmware · Vmware Horizon View Agents

CVE-2018-6971

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6