CyberSec.Space Logo
Back to CVE Browser

CVE-2017-4897

MEDIUM
5.5
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile18.43th
PublishedMay 31, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.

Affected Platforms (CPE)

πŸ“¦
Vmware

Horizon Daas

<= 6.1.6

References & Advisories

πŸ”— http://www.securityfocus.com/bid/96559
πŸ”— http://www.securitytracker.com/id/1037951
πŸ”— http://www.vmware.com/security/advisories/VMSA-2017-0002.html
πŸ”— http://www.securityfocus.com/bid/96559
πŸ”— http://www.securitytracker.com/id/1037951
πŸ”— http://www.vmware.com/security/advisories/VMSA-2017-0002.html

Related Vulnerabilities

CVE-2019-55449.8

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issu...

CVE-2018-69608.8

VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-fac...

CVE-2020-39776.5

VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...