CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

vmware

horizon_daas

3 known vulnerabilities · sorted by CVSS score

CVE-2019-5544

CRITICAL9.8

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

vmware / horizon_daas+259

Network

Published Dec 6, 2019

CVE-2018-6960

HIGH8.8

VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

vmware / horizon_daas

Network

Published Apr 20, 2018

CVE-2020-3977

MEDIUM6.5

VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

vmware / horizon_daas+1

Network

Published Sep 22, 2020