- Description
- VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address.
- Source
- security@vmware.com
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:horizon:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03FE054D-3CAE-4662-AE49-A051F801DAF0",
"versionEndExcluding": "6.2.8",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:a:vmware:horizon:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6D58A7C-8604-49B1-BA6C-2C4C135D7893",
"versionEndExcluding": "7.8",
"versionStartIncluding": "7.0"
},
{
"criteria": "cpe:2.3:a:vmware:horizon:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F03DE354-EC01-4333-8FFF-CB7D7A89FC9C",
"versionEndExcluding": "7.5.2",
"versionStartIncluding": "7.5.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]