Vulnerability Description
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Horizon View Agents | >= 7.0.0, < 7.5.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104883Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041357Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041358Third Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2018-0018.htmlVendor Advisory
- http://www.securityfocus.com/bid/104883Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041357Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041358Third Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2018-0018.htmlVendor Advisory
FAQ
What is CVE-2018-6971?
CVE-2018-6971 is a vulnerability with a CVSS score of 7.8 (HIGH). VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the current...
How severe is CVE-2018-6971?
CVE-2018-6971 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6971?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Horizon View Agents.