Lucene search

VMwareVMSA-2020-0024

HistoryOct 22, 2020 - 12:00 a.m.

VMware Horizon Server and VMware Horizon Client updates address multiple security vulnerabilities (CVE-2020-3997, CVE-2020-3998)

2020-10-2200:00:00

www.vmware.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.7%

JSON

3a. VMware Horizon Server Cross Site Scripting (XSS) vulnerability (CVE-2020-3997)

VMware Horizon Server does not correctly validate user input. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.1.

3b. VMware Horizon Client for Windows information disclosure vulnerability (CVE-2020-3998)

VMware Horizon Server does not correctly validate user input. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3 base score of 3.3.

CPENameOperatorVersion
horizon serverlt7.10.3
horizon serverlt7.13.0
horizon client for windowslt5.5.0

Name	Operator	Version
horizon server	lt	7.10.3
horizon server	lt	7.13.0
horizon client for windows	lt	5.5.0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3997

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3998

docs.vmware.com/en/VMware-Horizon-7/index.html

docs.vmware.com/en/VMware-Horizon-Client/index.html

my.vmware.com/en/web/vmware/downloads/details?downloadGroup=CART21FQ3_WIN_550&productId=863&rPId=53321

my.vmware.com/en/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_horizon/7_10

www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N