CVE-2018-6970 - OpenCVE

VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Horizon Client Horizon View

Configuration 1 [-]

OR	cpe:2.3:a:vmware:horizon_client::::::::
	cpe:2.3:a:vmware:horizon_view::::::::
	cpe:2.3:a:vmware:horizon_view::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105031
http://www.securitytracker.com/id/1041430
https://www.vmware.com/security/advisories/VMSA-2018-0019.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2018-08-13T21:00:00Z

Updated: 2024-09-17T02:00:49.779Z

Reserved: 2018-02-14T00:00:00

Link: CVE-2018-6970

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-08-13T21:48:02.197

Modified: 2018-10-15T18:33:36.300

Link: CVE-2018-6970

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "VMware Horizon 6, Horizon 7, and Horizon Client", "vendor": "VMware", "versions": [{"status": "affected", "version": "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1)"}]}], "datePublic": "2018-08-07T00:00:00", "descriptions": [{"lang": "en", "value": "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems."}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds read vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-14T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"name": "1041430", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041430"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html"}, {"name": "105031", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105031"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "DATE_PUBLIC": "2018-08-07T00:00:00", "ID": "CVE-2018-6970", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware Horizon 6, Horizon 7, and Horizon Client", "version": {"version_data": [{"version_value": "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1)"}]}}]}, "vendor_name": "VMware"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-of-bounds read vulnerability"}]}]}, "references": {"reference_data": [{"name": "1041430", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041430"}, {"name": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html"}, {"name": "105031", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105031"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:17:17.449Z"}, "title": "CVE Program Container", "references": [{"name": "1041430", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041430"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html"}, {"name": "105031", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105031"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2018-6970", "datePublished": "2018-08-13T21:00:00Z", "dateReserved": "2018-02-14T00:00:00", "dateUpdated": "2024-09-17T02:00:49.779Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "783537DD-0B23-41F3-AFAD-9D0291EC33DF", "versionEndExcluding": "4.8.1", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:horizon_view:*:*:*:*:*:*:*:*", "matchCriteriaId": "C67BA1CB-EAC5-47D4-AA0C-AC81B2E19021", "versionEndExcluding": "6.2.7", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:horizon_view:*:*:*:*:*:*:*:*", "matchCriteriaId": "80E8C9B5-6E87-4778-A9CE-768AD8BCB59B", "versionEndExcluding": "7.5.1", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems."}, {"lang": "es", "value": "VMware Horizon 6 (6.x.x en versiones anteriores a la 6.2.7), Horizon 7 (7.x.x en versiones anteriores a la 7.5.1) y Horizon Client (4.x.x en versiones anteriores a la 4.8.1) contiene una vulnerabilidad de lectura fuera de l\u00edmites en la librer\u00eda Message Framework. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que un usuario con menos privilegios filtre informaci\u00f3n desde un proceso privilegiado que se ejecuta en un sistema donde est\u00e9n instalados Horizon Connection Server, Horizon Agent o Horizon Client. Nota: este problema no aplica a los agentes de Horizon 6 y 7 instalados en los sistemas Linux o a los clientes de Horizon instalados en sistemas que no son Windows."}], "id": "CVE-2018-6970", "lastModified": "2018-10-15T18:33:36.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-13T21:48:02.197", "references": [{"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105031"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041430"}, {"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}