Horizon Server
by VMware
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-34038 | 0.00 | — | 0.00 | Aug 4, 2023 | VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. | |||
| CVE-2023-34037 | 0.00 | — | 0.00 | Aug 4, 2023 | VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests. | |||
| CVE-2020-3997 | 0.00 | — | 0.01 | Oct 23, 2020 | VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed. | |||
| CVE-2019-5513 | 0.00 | — | 0.01 | Apr 9, 2019 | VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the… |
- CVE-2023-34038Aug 4, 2023risk 0.00cvss —epss 0.00
VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.
- CVE-2023-34037Aug 4, 2023risk 0.00cvss —epss 0.00
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.
- CVE-2020-3997Oct 23, 2020risk 0.00cvss —epss 0.01
VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.
- CVE-2019-5513Apr 9, 2019risk 0.00cvss —epss 0.01
VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the…