CVE-2020-3977
- EPSS 0.12%
- Published 22.09.2020 14:15:12
- Last modified 21.11.2024 05:32:06
VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-fact...
CVE-2019-5544
- EPSS 93.04%
- Published 06.12.2019 16:15:11
- Last modified 07.02.2025 14:59:31
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
CVE-2018-6960
- EPSS 4.52%
- Published 20.04.2018 13:29:00
- Last modified 21.11.2024 04:11:29
VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
CVE-2017-4897
- EPSS 0.11%
- Published 31.05.2017 14:29:00
- Last modified 20.04.2025 01:37:25
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devi...