CVE-2020-3998

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 53.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Horizon Client
Timeline
PublishedOct 23
Latest updateMay 24

Description

VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5vmware_horizon_client_for_windowsVMware Horizon Client for Windows (5.x prior to 5.5.0)
NVDvmware/horizon_client5.0.05.5.0

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-65w7-fcmg-7963: VMware Horizon Client for Windows (52022-05-24
CVEList
CVE-2020-3998: VMware Horizon Client for Windows (52020-10-23
CVE-2020-3998 (MEDIUM CVSS 6.5) | VMware Horizon Client for Windows ( | cvebase.io