PT-2018-17851 · Vmware · Vmware Horizon View Agents

Published

2018-07-25

Updated

2019-10-03

CVE-2018-6971

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions VMware Horizon View Agents versions 7.0.0 through 7.5.0

Description The issue is related to insecure logging of credentials in the vmmsi.log file. This occurs when an account other than the currently logged on user is specified during installation, including silent installations. Successful exploitation may allow low privileged users access to the credentials specified during the Horizon View Agent installation.

Recommendations For versions 7.0.0 through 7.5.0, update to version 7.5.1 or later to resolve the issue.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2018-6971

Affected Products

Vmware Horizon View Agents

PT-2018-17851 · Vmware · Vmware Horizon View Agents

CVE-2018-6971

Weakness Enumeration

Related Identifiers

Affected Products

References · 6