VMwareVMSA-2020-0024VMware Horizon Server and VMware Horizon Client updates address multiple security vulnerabilities (CVE-2020-3997, CVE-2020-3998)
3a. VMware Horizon Server Cross Site Scripting (XSS) vulnerability (CVE-2020-3997)
VMware Horizon Server does not correctly validate user input. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.1.
3b. VMware Horizon Client for Windows information disclosure vulnerability (CVE-2020-3998)
VMware Horizon Server does not correctly validate user input. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3 base score of 3.3.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3998
docs.vmware.com/en/VMware-Horizon-7/index.html
docs.vmware.com/en/VMware-Horizon-Client/index.html
my.vmware.com/en/web/vmware/downloads/details?downloadGroup=CART21FQ3_WIN_550&productId=863&rPId=53321
my.vmware.com/en/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_horizon/7_10
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Related
