Greetings from the VMware Security Response Center!
Today we released VMSA-2016-0015 which documents an Important severity issue in VMware Horizon View.
During internal discussions the most common question I have been asked about CVE-2016-7087 is why the issue has been classified as Important rather than Critical. The reason for this is after thorough investigation, it was determined that information you can pull off of the server doesn’t seem to be particularly sensitive. That being said, this is still unintended behavior of our product and so we strongly recommend updating to fixed versions listed in our VMSA.
We also wanted to mention Mike Arnold (Bruk0ut) working with Trend Micro’s Zero Day Initiative for responsibly disclosing this issue to us. Thanks Mike!
That’s it for this week. Stay tuned.
Drop us a line at firstname.lastname@example.org if you have any questions.