CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-4897

VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.3%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 7.1

References

http://www.securityfocus.com/bid/96559
http://www.securitytracker.com/id/1037951
http://www.vmware.com/security/advisories/VMSA-2017-0002.html
http://www.securityfocus.com/bid/96559
http://www.securitytracker.com/id/1037951
http://www.vmware.com/security/advisories/VMSA-2017-0002.html

Products affected by CVE-2017-4897

Vmware » Horizon Daas » Version: 6.1.6

cpe:2.3:a:vmware:horizon_daas:6.1.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-4897

Products

Pricing

Contact Us