All the vulnerabilites related to VMware - Horizon View Agent
cve-2018-6971
Vulnerability from cvelistv5
Published
2018-07-25 13:00
Modified
2024-09-17 03:39
Severity ?
EPSS score ?
Summary
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041357 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/104883 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041358 | vdb-entry, x_refsource_SECTRACK | |
| https://www.vmware.com/security/advisories/VMSA-2018-0018.html | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| VMware | Horizon View Agent |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041357"
},
{
"name": "104883",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104883"
},
{
"name": "1041358",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Horizon View Agent",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.x.x before 7.5.1"
}
]
}
],
"datePublic": "2018-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "1041357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041357"
},
{
"name": "104883",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104883"
},
{
"name": "1041358",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-6971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Horizon View Agent",
"version": {
"version_data": [
{
"version_value": "7.x.x before 7.5.1"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041357",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041357"
},
{
"name": "104883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104883"
},
{
"name": "1041358",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041358"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0018.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2018-6971",
"datePublished": "2018-07-25T13:00:00Z",
"dateReserved": "2018-02-14T00:00:00",
"dateUpdated": "2024-09-17T03:39:03.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5539
Vulnerability from cvelistv5
Published
2019-12-23 19:20
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2019-0023.html | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| VMware | VMware Workstation | |
| VMware | Horizon View Agent |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x prior to 15.5.1"
}
]
},
{
"product": "Horizon View Agent",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.10.x prior to 7.10.1"
},
{
"status": "affected",
"version": "7.5.x prior 7.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL hijacking vulnerability via Cortado Thinprint",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-23T19:20:50",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workstation",
"version": {
"version_data": [
{
"version_value": "15.x prior to 15.5.1"
}
]
}
},
{
"product_name": "Horizon View Agent",
"version": {
"version_data": [
{
"version_value": "7.10.x prior to 7.10.1"
},
{
"version_value": "7.5.x prior 7.5.4"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL hijacking vulnerability via Cortado Thinprint"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0023.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5539",
"datePublished": "2019-12-23T19:20:50",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}