Vulnerability Details CVE-2018-6970
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2018-6970
-
cpe:2.3:a:vmware:horizon_client:4.0.0
-
cpe:2.3:a:vmware:horizon_client:4.0.1
-
cpe:2.3:a:vmware:horizon_client:4.1.0
-
cpe:2.3:a:vmware:horizon_client:4.2.0
-
cpe:2.3:a:vmware:horizon_client:4.3.0
-
cpe:2.3:a:vmware:horizon_client:4.4.0
-
cpe:2.3:a:vmware:horizon_client:4.5.0
-
cpe:2.3:a:vmware:horizon_client:4.6.0
-
cpe:2.3:a:vmware:horizon_client:4.6.1
-
cpe:2.3:a:vmware:horizon_client:4.7.0
-
cpe:2.3:a:vmware:horizon_client:4.8.0
-
cpe:2.3:a:vmware:horizon_view:6.0.0
-
cpe:2.3:a:vmware:horizon_view:6.0.2
-
cpe:2.3:a:vmware:horizon_view:6.1
-
cpe:2.3:a:vmware:horizon_view:6.1.1
-
cpe:2.3:a:vmware:horizon_view:6.2
-
cpe:2.3:a:vmware:horizon_view:6.2.0
-
cpe:2.3:a:vmware:horizon_view:6.2.1
-
cpe:2.3:a:vmware:horizon_view:6.2.2
-
cpe:2.3:a:vmware:horizon_view:6.2.3
-
cpe:2.3:a:vmware:horizon_view:6.2.4
-
cpe:2.3:a:vmware:horizon_view:6.2.5
-
cpe:2.3:a:vmware:horizon_view:7.0.0
-
cpe:2.3:a:vmware:horizon_view:7.0.1
-
cpe:2.3:a:vmware:horizon_view:7.0.2
-
cpe:2.3:a:vmware:horizon_view:7.0.3
-
cpe:2.3:a:vmware:horizon_view:7.1.0
-
cpe:2.3:a:vmware:horizon_view:7.2.0
-
cpe:2.3:a:vmware:horizon_view:7.3.2
-
cpe:2.3:a:vmware:horizon_view:7.3.3
-
cpe:2.3:a:vmware:horizon_view:7.4.0
-
cpe:2.3:a:vmware:horizon_view:7.4.1
-
cpe:2.3:a:vmware:horizon_view:7.5.0