Back to CVE Browser

CVE-2018-6960

HIGH

8.8

CVSS Severity Score

EPSS Score0.1110%

EPSS Percentile28.96th

PublishedApr 20, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

Affected Platforms (CPE)

📦

Vmware

Horizon Daas

>= 7.0.0 and < 8.0.0

References & Advisories

🔗 http://www.securityfocus.com/bid/103938

🔗 http://www.securitytracker.com/id/1040731

🔗 https://www.vmware.com/security/advisories/VMSA-2018-0010.html

🔗 http://www.securityfocus.com/bid/103938

🔗 http://www.securitytracker.com/id/1040731

🔗 https://www.vmware.com/security/advisories/VMSA-2018-0010.html

Related Vulnerabilities

CVE-2019-55449.8

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issu...

CVE-2020-39776.5

VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it...

CVE-2017-48975.5

VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may expl...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...