High severity8.8NVD Advisory· Published Apr 20, 2018· Updated Jun 17, 2026
CVE-2018-6960
CVE-2018-6960
Description
VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
Affected products
2>=7.0.0, <8.0.0+ 1 more
- (no CPE)range: >=7.0.0, <8.0.0
- (no CPE)range: 7.x before 8.0.0
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/103938nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040731nvdThird Party AdvisoryVDB Entry
- www.vmware.com/security/advisories/VMSA-2018-0010.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.