VMwareVMSA-2023-0017VMware Horizon Server updates address multiple security vulnerabilities (CVE-2023-34037, CVE-2023-34038)
0.001 Low
EPSS
Percentile
19.7%
3a. Request smuggling vulnerability (CVE-2023-34037)
VMware Horizon Server contains a HTTP request smuggling vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
3b. Information disclosure vulnerability (CVE-2023-34038)
VMware Horizon Server contains an information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vmware horizon server | lt | 2306 | |
| vmware horizon server | lt | 2212.1 | |
| vmware horizon server | lt | 2209.1 | |
| vmware horizon server | lt | 2111.2 |
References
customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon/2111
customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon/2209
customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon/2212
customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon/2306
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34038
docs.vmware.com/en/VMware-Horizon/8-2111.2/rn/vmware-horizon-8-21112-release-notes/index.html
docs.vmware.com/en/VMware-Horizon/8-2209.1/rn/vmware-horizon-8-22091-release-notes/index.html
docs.vmware.com/en/VMware-Horizon/8-2212.1/rn/vmware-horizon-8-22121-release-notes/index.html
docs.vmware.com/en/VMware-Horizon/8-2306/rn/vmware-horizon-8-2306-release-notes/index.html
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Related
