CVE-2018-6971

CVE Database · CVE-2018-6971

CVE-2018-6971

· N/AModified

CVSS v3.1

N/A

EPSS

0.42%

Published

Jul 25, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation.

Weaknesses (CWE)

CWE-532

Affected Products (1)

vmware · horizon_view_agents (up to 7.5.1)vulnerable

References (8)

http://www.securityfocus.com/bid/104883

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041357

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041358

Third Party AdvisoryVDB Entry

https://www.vmware.com/security/advisories/VMSA-2018-0018.html

Vendor Advisory

http://www.securityfocus.com/bid/104883

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041357

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs