Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Horizon DaaS

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2018-6960
Assigner-VMware by Broadcom
ShareView Details
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-4.52% / 88.72%
||
7 Day CHG~0.00%
Published-20 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-horizon_daasHorizon DaaS
CWE ID-CWE-287
Improper Authentication
CVE-2017-4897
Assigner-VMware by Broadcom
ShareView Details
Assigner-VMware by Broadcom
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.11%
||
7 Day CHG~0.00%
Published-31 May, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-horizon_daasHorizon DaaS
CWE ID-CWE-20
Improper Input Validation