CVE-2018-6971
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation.
VMware Horizon View Agents (versiones 7.x.x anteriores a la 7.5.1) contienen una vulnerabilidad de divulgación de información local debido al registro inseguro de credenciales en el archivo vmmsi.log cuando una cuenta diferente a la del usuario que tiene su sesión iniciada actualmente se especifica durante la instalación (incluyendo las instalaciones silenciosas). La explotación exitosa de este problema podría permitir que usuarios con pocos privilegios accedan a las credenciales especificadas durante la instalación de Horizon View Agent.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-14 CVE Reserved
- 2018-07-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104883 | Third Party Advisory | |
http://www.securitytracker.com/id/1041357 | Third Party Advisory | |
http://www.securitytracker.com/id/1041358 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2018-0018.html | 2019-10-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Horizon View Agents Search vendor "Vmware" for product "Horizon View Agents" | >= 7.0.0 < 7.5.1 Search vendor "Vmware" for product "Horizon View Agents" and version " >= 7.0.0 < 7.5.1" | - |
Affected
|