cvelistv5 - cve-2017-4907

CVE-2017-4907 (GCVE-0-2017-4907)

Vulnerability from cvelistv5 – Published: 2017-06-08 13:00 – Updated: 2024-08-05 14:39

Summary

Severity ?

No CVSS data available.

CWE

Heap buffer-overflow vulnerability

Assigner

vmware

References

URL

Tags

	http://www.securitytracker.com/id/1038281	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/97914	vdb-entryx_refsource_BID
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

VMware

Unified Access Gateway

Affected: 2.5.x
Affected: 2.7.x
Affected: 2.8.x prior to 2.8.1

VMware

Horizon View

Affected: 7.x prior to 7.1.0
Affected: 6.x prior to 6.2.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038281",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038281"
          },
          {
            "name": "97914",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97914"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Unified Access Gateway",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.x"
            },
            {
              "status": "affected",
              "version": "2.7.x"
            },
            {
              "status": "affected",
              "version": "2.8.x prior to 2.8.1"
            }
          ]
        },
        {
          "product": "Horizon View",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "7.x prior to 7.1.0"
            },
            {
              "status": "affected",
              "version": "6.x prior to 6.2.4"
            }
          ]
        }
      ],
      "datePublic": "2017-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap buffer-overflow vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T09:57:01",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "name": "1038281",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038281"
        },
        {
          "name": "97914",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97914"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2017-4907",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Unified Access Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.5.x"
                          },
                          {
                            "version_value": "2.7.x"
                          },
                          {
                            "version_value": "2.8.x prior to 2.8.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Horizon View",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.x prior to 7.1.0"
                          },
                          {
                            "version_value": "6.x prior to 6.2.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "VMware"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap buffer-overflow vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038281",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038281"
            },
            {
              "name": "97914",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97914"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2017-4907",
    "datePublished": "2017-06-08T13:00:00",
    "dateReserved": "2016-12-26T00:00:00",
    "dateUpdated": "2024-08-05T14:39:41.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_view:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"370FCB86-72ED-47AB-A414-A12E6C970BE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_view:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67EA006A-76A5-489E-BD3E-FAFC00AB63C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_view:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75798329-EAC2-4B6F-A943-9EB6F01B5145\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_view:6.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0DEE3EA-30C8-4653-96B3-17D9F66AFDA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_view:6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4C7C278-5A1D-41A3-AEFB-10AA859DEF15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_view:6.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"155B09B1-D94A-42C6-89DE-76180968C5D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_view:6.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32840997-8DA1-481A-BC2B-6A5D3335826D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_view:6.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5252980E-77DE-41C9-B829-775BB929FB30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_view:6.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AB3A1FE-4DB8-4536-B94F-21C4560D7BC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_view:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA685CC7-AD8E-4EB6-A6B7-46F126BDE92E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:unified_access_gateway:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14D2DF40-13F6-4A11-B96B-002039F16C0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:unified_access_gateway:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE4B7AA9-E5F1-4388-A083-D1817EE8FA51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:unified_access_gateway:2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EAAC0B8-C653-40F3-B2E9-7C5DED57E81D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:unified_access_gateway:2.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5AFC21D-88E4-4AF0-9DA2-17DCBEE12D85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:unified_access_gateway:2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C68F416E-BD1C-4D9F-B3E9-BB05EB421216\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.\"}, {\"lang\": \"es\", \"value\": \"Unified Access Gateway (versiones 2.5.x, 2.7.x, 2.8.x anteriores a 2.8.1) y Horizon View (versiones 7.x anteriores a 7.1.0, versiones 6.x anteriores a 6.2.4) de VMware, contienen una vulnerabilidad de desbordamiento de b\\u00fafer de la pila que puede permitir a un atacante remoto ejecutar c\\u00f3digo en la puerta de enlace de seguridad.\"}]",
      "id": "CVE-2017-4907",
      "lastModified": "2024-11-21T03:26:38.627",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-06-08T13:29:00.220",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/97914\", \"source\": \"security@vmware.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038281\", \"source\": \"security@vmware.com\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2017-0008.html\", \"source\": \"security@vmware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97914\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038281\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2017-0008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@vmware.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-4907\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2017-06-08T13:29:00.220\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.\"},{\"lang\":\"es\",\"value\":\"Unified Access Gateway (versiones 2.5.x, 2.7.x, 2.8.x anteriores a 2.8.1) y Horizon View (versiones 7.x anteriores a 7.1.0, versiones 6.x anteriores a 6.2.4) de VMware, contienen una vulnerabilidad de desbordamiento de b\u00fafer de la pila que puede permitir a un atacante remoto ejecutar c\u00f3digo en la puerta de enlace de seguridad.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_view:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"370FCB86-72ED-47AB-A414-A12E6C970BE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_view:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67EA006A-76A5-489E-BD3E-FAFC00AB63C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_view:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75798329-EAC2-4B6F-A943-9EB6F01B5145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_view:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0DEE3EA-30C8-4653-96B3-17D9F66AFDA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_view:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4C7C278-5A1D-41A3-AEFB-10AA859DEF15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_view:6.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155B09B1-D94A-42C6-89DE-76180968C5D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_view:6.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32840997-8DA1-481A-BC2B-6A5D3335826D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_view:6.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5252980E-77DE-41C9-B829-775BB929FB30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_view:6.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB3A1FE-4DB8-4536-B94F-21C4560D7BC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_view:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA685CC7-AD8E-4EB6-A6B7-46F126BDE92E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:unified_access_gateway:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14D2DF40-13F6-4A11-B96B-002039F16C0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:unified_access_gateway:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE4B7AA9-E5F1-4388-A083-D1817EE8FA51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:unified_access_gateway:2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EAAC0B8-C653-40F3-B2E9-7C5DED57E81D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:unified_access_gateway:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5AFC21D-88E4-4AF0-9DA2-17DCBEE12D85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:unified_access_gateway:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C68F416E-BD1C-4D9F-B3E9-BB05EB421216\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/97914\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038281\",\"source\":\"security@vmware.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2017-0008.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97914\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2017-0008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2017-AVI-117

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Workstation versions 12.x antérieures à 12.5.3
VMware	N/A	VMware Horizon View versions 7.x antérieures à 7.1.0
VMware	N/A	VMware Horizon View versions 6.2.x antérieures à 6.2.4
VMware	N/A	VMware Unified Access Gateway versions 2.8.x antérieures à 2.8.1

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2017-0008 du 18 avril 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Workstation versions 12.x ant\u00e9rieures \u00e0 12.5.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Horizon View versions 7.x ant\u00e9rieures \u00e0 7.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Horizon View versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Unified Access Gateway versions 2.8.x ant\u00e9rieures \u00e0 2.8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-4908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4908"
    },
    {
      "name": "CVE-2017-4909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4909"
    },
    {
      "name": "CVE-2017-4910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4910"
    },
    {
      "name": "CVE-2017-4913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4913"
    },
    {
      "name": "CVE-2017-4907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4907"
    },
    {
      "name": "CVE-2017-4911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4911"
    },
    {
      "name": "CVE-2017-4912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4912"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-117",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits VMware\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2017-0008 du 18 avril 2017",
      "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
    }
  ]
}

CERTFR-2017-AVI-117

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Workstation versions 12.x antérieures à 12.5.3
VMware	N/A	VMware Horizon View versions 7.x antérieures à 7.1.0
VMware	N/A	VMware Horizon View versions 6.2.x antérieures à 6.2.4
VMware	N/A	VMware Unified Access Gateway versions 2.8.x antérieures à 2.8.1

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2017-0008 du 18 avril 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Workstation versions 12.x ant\u00e9rieures \u00e0 12.5.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Horizon View versions 7.x ant\u00e9rieures \u00e0 7.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Horizon View versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Unified Access Gateway versions 2.8.x ant\u00e9rieures \u00e0 2.8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-4908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4908"
    },
    {
      "name": "CVE-2017-4909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4909"
    },
    {
      "name": "CVE-2017-4910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4910"
    },
    {
      "name": "CVE-2017-4913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4913"
    },
    {
      "name": "CVE-2017-4907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4907"
    },
    {
      "name": "CVE-2017-4911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4911"
    },
    {
      "name": "CVE-2017-4912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-4912"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-117",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits VMware\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2017-0008 du 18 avril 2017",
      "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
    }
  ]
}

VAR-201706-0520

Vulnerability from variot - Updated: 2023-12-18 12:03

VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway. The former is a secure gateway that accesses remote desktops and applications outside the corporate firewall; the latter is a device that can access VMwareHorizon desktops from any location. A heap buffer overflow vulnerability exists in VMware Unified AccessGateway and HorizonView. An attacker could exploit the vulnerability to execute arbitrary code in the context of an affected application or could result in a denial of service. Failed exploits may result in denial-of-service conditions. x version

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0520",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "vmware",
        "version": "6.2.4"
      },
      {
        "model": "unified access gateway",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "2.8"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "6.2.3"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "7.0"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "6.1.1"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "6.2"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "6.2.1"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "6.2.2"
      },
      {
        "model": "unified access gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "2.7"
      },
      {
        "model": "unified access gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "2.7.2"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "unified access gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.5"
      },
      {
        "model": "unified access gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.5.1"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "6.1"
      },
      {
        "model": "unified access gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "2.8.x"
      },
      {
        "model": "unified access gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "2.7.x"
      },
      {
        "model": "unified access gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "2.5.x"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "7.1.0"
      },
      {
        "model": "unified access gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "2.8.1"
      },
      {
        "model": "horizon view",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "6.x"
      },
      {
        "model": "horizon view",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "7.x"
      },
      {
        "model": "unified access gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vmware",
        "version": "2.8.*\u003c2.8.1"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vmware",
        "version": "7.*\u003c7.1.0"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vmware",
        "version": "6.2.*\u003c6.2.4"
      },
      {
        "model": "horizon view",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "7.0.1"
      },
      {
        "model": "unified access gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.8.1"
      },
      {
        "model": "horizon view",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "7.1"
      },
      {
        "model": "horizon view",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.2.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05864"
      },
      {
        "db": "BID",
        "id": "97914"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004655"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4907"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-954"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:unified_access_gateway:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:unified_access_gateway:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:unified_access_gateway:2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:unified_access_gateway:2.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:unified_access_gateway:2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-4907"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Claudio Moletta (redr2e).",
    "sources": [
      {
        "db": "BID",
        "id": "97914"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-954"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-4907",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-4907",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-05864",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-113110",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-4907",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-4907",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-05864",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-954",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-113110",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113110"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004655"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4907"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-954"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway. The former is a secure gateway that accesses remote desktops and applications outside the corporate firewall; the latter is a device that can access VMwareHorizon desktops from any location. A heap buffer overflow vulnerability exists in VMware Unified AccessGateway and HorizonView. An attacker could exploit the vulnerability to execute arbitrary code in the context of an affected application or could result in a denial of service. Failed exploits may result in denial-of-service conditions. x version",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-4907"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004655"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05864"
      },
      {
        "db": "BID",
        "id": "97914"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113110"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-4907",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "97914",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1038281",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004655",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-954",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05864",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "36479",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-113110",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113110"
      },
      {
        "db": "BID",
        "id": "97914"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004655"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4907"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-954"
      }
    ]
  },
  "id": "VAR-201706-0520",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113110"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05864"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:03:54.075000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "VMSA-2017-0008",
        "trust": 0.8,
        "url": "https://www.vmware.com/security/advisories/vmsa-2017-0008.html"
      },
      {
        "title": "Patch for VMware Unified AccessGateway and HorizonView heap buffer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/93144"
      },
      {
        "title": "VMware Unified Access Gateway  and Horizon View Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69403"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-954"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113110"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004655"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4907"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/97914"
      },
      {
        "trust": 2.0,
        "url": "http://www.vmware.com/security/advisories/vmsa-2017-0008.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038281"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-4907"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-4907"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/36479"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113110"
      },
      {
        "db": "BID",
        "id": "97914"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004655"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4907"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-954"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113110"
      },
      {
        "db": "BID",
        "id": "97914"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004655"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4907"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-954"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05864"
      },
      {
        "date": "2017-06-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113110"
      },
      {
        "date": "2017-04-18T00:00:00",
        "db": "BID",
        "id": "97914"
      },
      {
        "date": "2017-07-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004655"
      },
      {
        "date": "2017-06-08T13:29:00.220000",
        "db": "NVD",
        "id": "CVE-2017-4907"
      },
      {
        "date": "2017-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-954"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05864"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113110"
      },
      {
        "date": "2017-05-02T01:06:00",
        "db": "BID",
        "id": "97914"
      },
      {
        "date": "2017-07-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004655"
      },
      {
        "date": "2017-07-11T01:33:44.457000",
        "db": "NVD",
        "id": "CVE-2017-4907"
      },
      {
        "date": "2017-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-954"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-954"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VMware Unified Access Gateway and  Horizon View Heap-based buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004655"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-954"
      }
    ],
    "trust": 0.6
  }
}

GHSA-3F8W-P3M8-MPJX

Vulnerability from github – Published: 2022-05-17 02:32 – Updated: 2022-05-17 02:32

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-4907"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-08T13:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.",
  "id": "GHSA-3f8w-p3m8-mpjx",
  "modified": "2022-05-17T02:32:02Z",
  "published": "2022-05-17T02:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-4907"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97914"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038281"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-4907

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-4907

Aliases

CVE-2017-4907

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-4907",
    "description": "VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.",
    "id": "GSD-2017-4907"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-4907"
      ],
      "details": "VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.",
      "id": "GSD-2017-4907",
      "modified": "2023-12-13T01:21:02.536265Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@vmware.com",
        "ID": "CVE-2017-4907",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Unified Access Gateway",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.5.x"
                        },
                        {
                          "version_value": "2.7.x"
                        },
                        {
                          "version_value": "2.8.x prior to 2.8.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Horizon View",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.x prior to 7.1.0"
                        },
                        {
                          "version_value": "6.x prior to 6.2.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "VMware"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Heap buffer-overflow vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1038281",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038281"
          },
          {
            "name": "97914",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97914"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:horizon_view:6.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:unified_access_gateway:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:unified_access_gateway:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:unified_access_gateway:2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:unified_access_gateway:2.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:unified_access_gateway:2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2017-4907"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
            },
            {
              "name": "97914",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97914"
            },
            {
              "name": "1038281",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038281"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-07-11T01:33Z",
      "publishedDate": "2017-06-08T13:29Z"
    }
  }
}

CNVD-2017-05864

Vulnerability from cnvd - Published: 2017-05-04

Title

VMware Unified Access Gateway和Horizon View堆缓冲区溢出漏洞

Description

VMware Unified Access Gateway和Horizon View都是美国威睿（VMware）公司的产品。前者是一款通过企业防火墙外部访问远程桌面和应用程序的安全网关；后者是一款可以从任何位置对VMware Horizon桌面进行访问的设备。 VMware Unified Access Gateway和Horizon View存在堆缓冲区溢出漏洞。攻击者可利用该漏洞在受影响应用程序的上下文中执行任意代码或可能造成拒绝服务。

Severity

高

Patch Name

VMware Unified Access Gateway和Horizon View堆缓冲区溢出漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.vmware.com/security/advisories/VMSA-2017-0008.html

Reference

http://www.securityfocus.com/bid/97914

Impacted products

Name
['VMware Unified Access Gateway 2.8.，<2.8.1', 'VMware Horizon View 7.，<7.1.0', 'VMware Horizon View 6.2.*，<6.2.4']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97914"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-4907"
    }
  },
  "description": "VMware Unified Access Gateway\u548cHorizon View\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002\u524d\u8005\u662f\u4e00\u6b3e\u901a\u8fc7\u4f01\u4e1a\u9632\u706b\u5899\u5916\u90e8\u8bbf\u95ee\u8fdc\u7a0b\u684c\u9762\u548c\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u7f51\u5173\uff1b\u540e\u8005\u662f\u4e00\u6b3e\u53ef\u4ee5\u4ece\u4efb\u4f55\u4f4d\u7f6e\u5bf9VMware Horizon\u684c\u9762\u8fdb\u884c\u8bbf\u95ee\u7684\u8bbe\u5907\u3002\r\n\r\nVMware Unified Access Gateway\u548cHorizon View\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u53ef\u80fd\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Claudio Moletta (redr2e).",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.vmware.com/security/advisories/VMSA-2017-0008.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05864",
  "openTime": "2017-05-04",
  "patchDescription": "VMware Unified Access Gateway\u548cHorizon View\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002\u524d\u8005\u662f\u4e00\u6b3e\u901a\u8fc7\u4f01\u4e1a\u9632\u706b\u5899\u5916\u90e8\u8bbf\u95ee\u8fdc\u7a0b\u684c\u9762\u548c\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u7f51\u5173\uff1b\u540e\u8005\u662f\u4e00\u6b3e\u53ef\u4ee5\u4ece\u4efb\u4f55\u4f4d\u7f6e\u5bf9VMware Horizon\u684c\u9762\u8fdb\u884c\u8bbf\u95ee\u7684\u8bbe\u5907\u3002\r\n\r\nVMware Unified Access Gateway\u548cHorizon View\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u53ef\u80fd\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware Unified Access Gateway\u548cHorizon View\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMware Unified Access Gateway 2.8.*\uff0c\u003c2.8.1",
      "VMware Horizon View 7.*\uff0c\u003c7.1.0",
      "VMware Horizon View 6.2.*\uff0c\u003c6.2.4"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/97914",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-21",
  "title": "VMware Unified Access Gateway\u548cHorizon View\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

FKIE_CVE-2017-4907

Vulnerability from fkie_nvd - Published: 2017-06-08 13:29 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@vmware.com	http://www.securityfocus.com/bid/97914	Third Party Advisory, VDB Entry
security@vmware.com	http://www.securitytracker.com/id/1038281
security@vmware.com	http://www.vmware.com/security/advisories/VMSA-2017-0008.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97914	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038281
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2017-0008.html	Vendor Advisory

Impacted products

Vendor	Product	Version
vmware	horizon_view	6.0
vmware	horizon_view	6.0.2
vmware	horizon_view	6.1
vmware	horizon_view	6.1.1
vmware	horizon_view	6.2
vmware	horizon_view	6.2.1
vmware	horizon_view	6.2.2
vmware	horizon_view	6.2.3
vmware	horizon_view	6.2.4
vmware	horizon_view	7.0
vmware	unified_access_gateway	2.5
vmware	unified_access_gateway	2.5.1
vmware	unified_access_gateway	2.7
vmware	unified_access_gateway	2.7.2
vmware	unified_access_gateway	2.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:horizon_view:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "370FCB86-72ED-47AB-A414-A12E6C970BE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:horizon_view:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "67EA006A-76A5-489E-BD3E-FAFC00AB63C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:horizon_view:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75798329-EAC2-4B6F-A943-9EB6F01B5145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:horizon_view:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0DEE3EA-30C8-4653-96B3-17D9F66AFDA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:horizon_view:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4C7C278-5A1D-41A3-AEFB-10AA859DEF15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:horizon_view:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "155B09B1-D94A-42C6-89DE-76180968C5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:horizon_view:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "32840997-8DA1-481A-BC2B-6A5D3335826D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:horizon_view:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5252980E-77DE-41C9-B829-775BB929FB30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:horizon_view:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB3A1FE-4DB8-4536-B94F-21C4560D7BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:horizon_view:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA685CC7-AD8E-4EB6-A6B7-46F126BDE92E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:unified_access_gateway:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D2DF40-13F6-4A11-B96B-002039F16C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:unified_access_gateway:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4B7AA9-E5F1-4388-A083-D1817EE8FA51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:unified_access_gateway:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EAAC0B8-C653-40F3-B2E9-7C5DED57E81D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:unified_access_gateway:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5AFC21D-88E4-4AF0-9DA2-17DCBEE12D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:unified_access_gateway:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C68F416E-BD1C-4D9F-B3E9-BB05EB421216",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway."
    },
    {
      "lang": "es",
      "value": "Unified Access Gateway (versiones 2.5.x, 2.7.x, 2.8.x anteriores a 2.8.1) y Horizon View (versiones 7.x anteriores a 7.1.0, versiones 6.x anteriores a 6.2.4) de VMware, contienen una vulnerabilidad de desbordamiento de b\u00fafer de la pila que puede permitir a un atacante remoto ejecutar c\u00f3digo en la puerta de enlace de seguridad."
    }
  ],
  "id": "CVE-2017-4907",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-08T13:29:00.220",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97914"
    },
    {
      "source": "security@vmware.com",
      "url": "http://www.securitytracker.com/id/1038281"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-4907 (GCVE-0-2017-4907)

CERTFR-2017-AVI-117

Solution

CERTFR-2017-AVI-117

Solution

VAR-201706-0520

GHSA-3F8W-P3M8-MPJX

GSD-2017-4907

CNVD-2017-05864

FKIE_CVE-2017-4907

Tags

Sightings

Nomenclature