Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for horizon by vmware

    CVE-2022-22964 (GCVE-0-2022-22964)

    Vulnerability from nvd – Published: 2022-04-11 19:38 – Updated: 2024-08-03 03:28
    VLAI
    Summary
    VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.
    Severity
    No CVSS data available.
    CWE
    • Local privilege escalation due to vulnerable configuration file
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware VMware Horizon Agent for Linux Affected: VMware Horizon Agent for Linux prior to 22.x
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:42.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware Horizon Agent for Linux",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "VMware Horizon Agent for Linux prior to 22.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Local privilege escalation due to vulnerable configuration file",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-20T16:53:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2022-22964",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware Horizon Agent for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VMware Horizon Agent for Linux prior to 22.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Local privilege escalation due to vulnerable configuration file"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html",
                  "refsource": "MISC",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2022-22964",
        "datePublished": "2022-04-11T19:38:29.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:42.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22962 (GCVE-0-2022-22962)

    Vulnerability from nvd – Published: 2022-04-11 19:38 – Updated: 2024-08-03 03:28
    VLAI
    Summary
    VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file.
    Severity
    No CVSS data available.
    CWE
    • Local privilege escalation due to vulnerable symbolic link
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware VMware Horizon Agent for Linux Affected: VMware Horizon Agent for Linux prior to 22.x
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:42.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware Horizon Agent for Linux",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "VMware Horizon Agent for Linux prior to 22.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Local privilege escalation due to vulnerable symbolic link",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-20T16:54:34.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2022-22962",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware Horizon Agent for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VMware Horizon Agent for Linux prior to 22.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Local privilege escalation due to vulnerable symbolic link"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html",
                  "refsource": "MISC",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2022-22962",
        "datePublished": "2022-04-11T19:38:28.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:42.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22938 (GCVE-0-2022-22938)

    Vulnerability from nvd – Published: 2022-01-28 19:09 – Updated: 2024-08-03 03:28
    VLAI
    Summary
    VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:42.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2022-0002.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-28T19:09:25.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0002.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2022-22938",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2022-0002.html",
                  "refsource": "MISC",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2022-0002.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2022-22938",
        "datePublished": "2022-01-28T19:09:25.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:42.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3997 (GCVE-0-2020-3997)

    Vulnerability from nvd – Published: 2020-10-23 13:49 – Updated: 2024-08-04 07:52
    VLAI
    Summary
    VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.
    Severity
    No CVSS data available.
    CWE
    • VMware Horizon Server Cross Site Scripting (XSS) vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a VMware Horizon Server Affected: VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2020-0024.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware Horizon Server",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "VMware Horizon Server Cross Site Scripting (XSS) vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T13:49:06.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2020-0024.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2020-3997",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware Horizon Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "VMware Horizon Server Cross Site Scripting (XSS) vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2020-0024.html",
                  "refsource": "MISC",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2020-0024.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2020-3997",
        "datePublished": "2020-10-23T13:49:06.000Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T07:52:20.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5527 (GCVE-0-2019-5527)

    Vulnerability from nvd – Published: 2019-10-10 16:28 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.
    Severity
    No CVSS data available.
    CWE
    • Use-after-free vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ESXi, Workstation, Fusion, VMRC and Horizon Client Affected: ESXi 6.7. 6.5, 6.0, Workstation 15.x, Fusion 11.x, VMRC 10.x and Horizon Client 5.x and prior
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:50.856Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2019-0014.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESXi, Workstation, Fusion, VMRC and Horizon Client",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "ESXi 6.7. 6.5, 6.0, Workstation 15.x, Fusion 11.x, VMRC 10.x and Horizon Client 5.x and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-after-free vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T16:28:46.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2019-0014.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2019-5527",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESXi, Workstation, Fusion, VMRC and Horizon Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "ESXi 6.7. 6.5, 6.0, Workstation 15.x, Fusion 11.x, VMRC 10.x and Horizon Client 5.x and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use-after-free vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2019-0014.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2019-0014.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2019-5527",
        "datePublished": "2019-10-10T16:28:46.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:50.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5513 (GCVE-0-2019-5513)

    Vulnerability from nvd – Published: 2019-04-09 19:30 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a VMware Horizon Connection Server Affected: VMware Horizon Connection Server 7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:50.845Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2019-0003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware Horizon Connection Server",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VMware Horizon Connection Server 7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server\u2019s internal name, or the gateway\u2019s internal IP address."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-09T19:30:44.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2019-0003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2019-5513",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware Horizon Connection Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VMware Horizon Connection Server 7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server\u2019s internal name, or the gateway\u2019s internal IP address."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2019-0003.html",
                  "refsource": "MISC",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2019-0003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2019-5513",
        "datePublished": "2019-04-09T19:30:44.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:50.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22964 (GCVE-0-2022-22964)

    Vulnerability from cvelistv5 – Published: 2022-04-11 19:38 – Updated: 2024-08-03 03:28
    VLAI
    Summary
    VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.
    Severity
    No CVSS data available.
    CWE
    • Local privilege escalation due to vulnerable configuration file
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware VMware Horizon Agent for Linux Affected: VMware Horizon Agent for Linux prior to 22.x
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:42.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware Horizon Agent for Linux",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "VMware Horizon Agent for Linux prior to 22.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Local privilege escalation due to vulnerable configuration file",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-20T16:53:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2022-22964",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware Horizon Agent for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VMware Horizon Agent for Linux prior to 22.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Local privilege escalation due to vulnerable configuration file"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html",
                  "refsource": "MISC",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2022-22964",
        "datePublished": "2022-04-11T19:38:29.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:42.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22962 (GCVE-0-2022-22962)

    Vulnerability from cvelistv5 – Published: 2022-04-11 19:38 – Updated: 2024-08-03 03:28
    VLAI
    Summary
    VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file.
    Severity
    No CVSS data available.
    CWE
    • Local privilege escalation due to vulnerable symbolic link
    Assigner
    References
    Impacted products
    Vendor Product Version
    VMware VMware Horizon Agent for Linux Affected: VMware Horizon Agent for Linux prior to 22.x
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:42.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware Horizon Agent for Linux",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "VMware Horizon Agent for Linux prior to 22.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Local privilege escalation due to vulnerable symbolic link",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-20T16:54:34.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2022-22962",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware Horizon Agent for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VMware Horizon Agent for Linux prior to 22.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Local privilege escalation due to vulnerable symbolic link"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html",
                  "refsource": "MISC",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2022-0012.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2022-22962",
        "datePublished": "2022-04-11T19:38:28.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:42.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22938 (GCVE-0-2022-22938)

    Vulnerability from cvelistv5 – Published: 2022-01-28 19:09 – Updated: 2024-08-03 03:28
    VLAI
    Summary
    VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:42.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2022-0002.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-28T19:09:25.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0002.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2022-22938",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2022-0002.html",
                  "refsource": "MISC",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2022-0002.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2022-22938",
        "datePublished": "2022-01-28T19:09:25.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:42.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3997 (GCVE-0-2020-3997)

    Vulnerability from cvelistv5 – Published: 2020-10-23 13:49 – Updated: 2024-08-04 07:52
    VLAI
    Summary
    VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.
    Severity
    No CVSS data available.
    CWE
    • VMware Horizon Server Cross Site Scripting (XSS) vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a VMware Horizon Server Affected: VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2020-0024.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware Horizon Server",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "VMware Horizon Server Cross Site Scripting (XSS) vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-23T13:49:06.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2020-0024.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2020-3997",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware Horizon Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "VMware Horizon Server Cross Site Scripting (XSS) vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2020-0024.html",
                  "refsource": "MISC",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2020-0024.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2020-3997",
        "datePublished": "2020-10-23T13:49:06.000Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T07:52:20.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5527 (GCVE-0-2019-5527)

    Vulnerability from cvelistv5 – Published: 2019-10-10 16:28 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.
    Severity
    No CVSS data available.
    CWE
    • Use-after-free vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ESXi, Workstation, Fusion, VMRC and Horizon Client Affected: ESXi 6.7. 6.5, 6.0, Workstation 15.x, Fusion 11.x, VMRC 10.x and Horizon Client 5.x and prior
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:50.856Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2019-0014.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ESXi, Workstation, Fusion, VMRC and Horizon Client",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "ESXi 6.7. 6.5, 6.0, Workstation 15.x, Fusion 11.x, VMRC 10.x and Horizon Client 5.x and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-after-free vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T16:28:46.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2019-0014.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2019-5527",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ESXi, Workstation, Fusion, VMRC and Horizon Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "ESXi 6.7. 6.5, 6.0, Workstation 15.x, Fusion 11.x, VMRC 10.x and Horizon Client 5.x and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use-after-free vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2019-0014.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2019-0014.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2019-5527",
        "datePublished": "2019-10-10T16:28:46.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:50.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5513 (GCVE-0-2019-5513)

    Vulnerability from cvelistv5 – Published: 2019-04-09 19:30 – Updated: 2024-08-04 20:01
    VLAI
    Summary
    VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a VMware Horizon Connection Server Affected: VMware Horizon Connection Server 7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:01:50.845Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2019-0003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VMware Horizon Connection Server",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "VMware Horizon Connection Server 7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server\u2019s internal name, or the gateway\u2019s internal IP address."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-09T19:30:44.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2019-0003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2019-5513",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VMware Horizon Connection Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "VMware Horizon Connection Server 7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server\u2019s internal name, or the gateway\u2019s internal IP address."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2019-0003.html",
                  "refsource": "MISC",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2019-0003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2019-5513",
        "datePublished": "2019-04-09T19:30:44.000Z",
        "dateReserved": "2019-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:01:50.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }