cve-2023-34038
Vulnerability from cvelistv5
Published
2023-08-04 11:24
Modified
2024-08-02 15:54
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.
References
security@vmware.comhttps://www.vmware.com/security/advisories/VMSA-2023-0017.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.vmware.com/security/advisories/VMSA-2023-0017.htmlVendor Advisory
Impacted products
Vendor Product Version
n/a VMware Horizon Server Version: Horizon Server 2306, Horizon Server 2303, Horizon Server 2212, Horizon Server 2209, Horizon Server 2206, Horizon Server 2111.x, Horizon Server 2106, Horizon Server 2103, Horizon Server 2012, Horizon Server 2006
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:54:14.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2023-0017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VMware Horizon Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Horizon Server 2306, Horizon Server 2303, Horizon Server 2212, Horizon Server 2209, Horizon Server 2206, Horizon Server 2111.x, Horizon Server 2106, Horizon Server 2103, Horizon Server 2012, Horizon Server 2006"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure vulnerability",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-04T11:24:57.885Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://www.vmware.com/security/advisories/VMSA-2023-0017.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2023-34038",
    "datePublished": "2023-08-04T11:24:57.885Z",
    "dateReserved": "2023-05-25T17:21:56.201Z",
    "dateUpdated": "2024-08-02T15:54:14.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_client:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7ABDAB76-D9B4-4677-A489-AB8679C826A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_client:2012:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A67E7F43-E1B4-4C36-819F-758242C62692\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_client:2103:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E58D474-F936-49F0-A94A-F58EC1ECB076\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_client:2106:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBDBA771-953F-4994-8FAB-A0CFBF007C08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_client:2111:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57471903-7385-441C-A8C4-19BD02EDACD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_client:2111.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3BAFD5F-6559-45DC-BC66-C9CEEBF4DD3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_client:2203:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E2E38F7-9453-45C8-A8D7-48F16ED63C5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:horizon_client:2212:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C6C858A-FB4C-43CF-9924-670CE4699F51\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"VMware Horizon Server contiene una vulnerabilidad de divulgaci\\u00f3n de informaci\\u00f3n. Un actor malicioso con acceso a la red puede ser capaz de acceder a informaci\\u00f3n relativa a la configuraci\\u00f3n de la red interna.\"}]",
      "id": "CVE-2023-34038",
      "lastModified": "2024-11-21T08:06:27.057",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@vmware.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2023-08-04T12:15:10.217",
      "references": "[{\"url\": \"https://www.vmware.com/security/advisories/VMSA-2023-0017.html\", \"source\": \"security@vmware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.vmware.com/security/advisories/VMSA-2023-0017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@vmware.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-34038\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2023-08-04T12:15:10.217\",\"lastModified\":\"2024-11-21T08:06:27.057\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.\\n\\n\"},{\"lang\":\"es\",\"value\":\"VMware Horizon Server contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un actor malicioso con acceso a la red puede ser capaz de acceder a informaci\u00f3n relativa a la configuraci\u00f3n de la red interna.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_client:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ABDAB76-D9B4-4677-A489-AB8679C826A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_client:2012:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A67E7F43-E1B4-4C36-819F-758242C62692\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_client:2103:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E58D474-F936-49F0-A94A-F58EC1ECB076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_client:2106:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBDBA771-953F-4994-8FAB-A0CFBF007C08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_client:2111:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57471903-7385-441C-A8C4-19BD02EDACD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_client:2111.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3BAFD5F-6559-45DC-BC66-C9CEEBF4DD3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_client:2203:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E2E38F7-9453-45C8-A8D7-48F16ED63C5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:horizon_client:2212:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C6C858A-FB4C-43CF-9924-670CE4699F51\"}]}]}],\"references\":[{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2023-0017.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2023-0017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.