CVE-2018-6970

CWE-125Out-of-bounds Read3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.7%
top 27.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware Horizon ClientVmware Horizon View
Timeline
PublishedAug 13
Latest updateMay 14

Description

VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Hor

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDvmware/horizon_client4.0.04.8.1
NVDvmware/horizon_view6.0.06.2.7+1

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-6j55-6hf8-fxvj: VMware Horizon 6 (62022-05-14
CVEList
CVE-2018-6970: VMware Horizon 6 (62018-08-13
CVE-2018-6970 (MEDIUM CVSS 6.5) | VMware Horizon 6 (6.x.x before 6.2. | cvebase.io