// For flags

CVE-2016-7087

VMware Horizon View loggerBean Directory Traversal Information Disclosure Vulnerability

Severity Score

5.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.

Vulnerabilidad de salto de directorio en el Connection Server en VMware Horizon View 5.x en versiones anteriores a 5.3.7, 6.x en versiones anteriores a 6.2.3 y 7.x en versiones anteriores a 7.0.1 permite a atacantes remotos obtener información sensible a través de vectores no especificados.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware Horizon View. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the loggerBean service. The loadConfig method does not properly sanitize the path supplied. An attacker can leverage this vulnerability to disclose arbitrary files from the system.

*Credits: Mike Arnold (Bruk0ut)
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-08-23 CVE Reserved
  • 2016-10-07 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-10-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
Horizon View
Search vendor "Vmware" for product "Horizon View"
5.0
Search vendor "Vmware" for product "Horizon View" and version "5.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Vmware
Search vendor "Vmware"
Horizon View
Search vendor "Vmware" for product "Horizon View"
5.0.1
Search vendor "Vmware" for product "Horizon View" and version "5.0.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Vmware
Search vendor "Vmware"
Horizon View
Search vendor "Vmware" for product "Horizon View"
5.1
Search vendor "Vmware" for product "Horizon View" and version "5.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Vmware
Search vendor "Vmware"
Horizon View
Search vendor "Vmware" for product "Horizon View"
5.1.3
Search vendor "Vmware" for product "Horizon View" and version "5.1.3"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Vmware
Search vendor "Vmware"
Horizon View
Search vendor "Vmware" for product "Horizon View"
5.2.0
Search vendor "Vmware" for product "Horizon View" and version "5.2.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Vmware
Search vendor "Vmware"
Horizon View
Search vendor "Vmware" for product "Horizon View"
5.3
Search vendor "Vmware" for product "Horizon View" and version "5.3"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Vmware
Search vendor "Vmware"
Horizon View
Search vendor "Vmware" for product "Horizon View"
6.0
Search vendor "Vmware" for product "Horizon View" and version "6.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Vmware
Search vendor "Vmware"
Horizon View
Search vendor "Vmware" for product "Horizon View"
6.0.2
Search vendor "Vmware" for product "Horizon View" and version "6.0.2"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Vmware
Search vendor "Vmware"
Horizon View
Search vendor "Vmware" for product "Horizon View"
6.1
Search vendor "Vmware" for product "Horizon View" and version "6.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Vmware
Search vendor "Vmware"
Horizon View
Search vendor "Vmware" for product "Horizon View"
6.1.1
Search vendor "Vmware" for product "Horizon View" and version "6.1.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Vmware
Search vendor "Vmware"
Horizon View
Search vendor "Vmware" for product "Horizon View"
6.2
Search vendor "Vmware" for product "Horizon View" and version "6.2"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Vmware
Search vendor "Vmware"
Horizon View
Search vendor "Vmware" for product "Horizon View"
7.0
Search vendor "Vmware" for product "Horizon View" and version "7.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe