Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-34038: VMSA-2023-0017

VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.

CVE
Open in Source
#vulnerability#vmware

Advisory ID: VMSA-2023-0017

CVSSv3 Range: 5.3

Issue Date: 2023-08-03

Updated On: 2023-08-03 (Initial Advisory)

CVE(s): CVE-2023-34037, CVE-2023-34038

Synopsis: VMware Horizon Server updates address multiple security vulnerabilities (CVE-2023-34037, CVE-2023-34038)

****1. Impacted Products****

  • VMware Horizon Server

****2. Introduction****

Multiple vulnerabilities in VMware Horizon Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

****3a. Request smuggling vulnerability (CVE-2023-34037)****

VMware Horizon Server contains a HTTP request smuggling vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

A malicious actor with network access may be able to perform HTTP smuggle requests.

To remediate CVE-2023-34037 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

VMware would like to thank Ricter Z, and Matt Landers of OccamSec for independently reporting this issue to us.

****3b. Information disclosure vulnerability (CVE-2023-34038)****

VMware Horizon Server contains an information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

A malicious actor with network access may be able to access information relating to the internal network configuration.

To remediate CVE-2023-34038 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

VMware would like to thank Matt Landers of OccamSec for reporting this issue to us.

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

VMware Horizon Server

2306

Any

N/A

N/A

N/A

Unaffected

N/A

N/A

VMware Horizon Server

2303

Any

CVE-2023-34037, CVE-2023-34038

5.3

moderate

2306

None

None

VMware Horizon Server

2212

Any

CVE-2023-34037, CVE-2023-34038

5.3

moderate

2212.1

None

None

VMware Horizon Server

2209, 2206

Any

CVE-2023-34037, CVE-2023-34038

5.3

moderate

2209.1

None

None

VMware Horizon Server

2111.x, 2106, 2103, 2012, 2006

Any

CVE-2023-34037, CVE-2023-34038

5.3

moderate

2111.2

None

None

****4. References****

****5. Change Log****

**2023-08-03: VMSA-2023-0017
**Initial security advisory.

****6. Contact****

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE