Workaround for OpenSLP security vulnerability in Horizon DaaS appliances (CVE-2019-5544)
search cancel

Workaround for OpenSLP security vulnerability in Horizon DaaS appliances (CVE-2019-5544)


Article ID: 328526


Updated On:




CVE-2019-5544, a security vulnerability in OpenSLP, has been determined to affect Horizon DaaS appliances. This vulnerability and its effect on VMware products are documented in VMSA-2019-0022. Please review this advisory before continuing as there may be considerations outside the scope of this particular document.

The DaaS team has investigated CVE-2019-5544 and determined that the possibility of exploitation can be removed by performing the steps detailed in the resolution section of this article. This workaround is meant to be a temporary solution only - permanent fixes will be released as soon as they are available.


This workaround is applicable ONLY to Horizon DaaS appliances. Do not apply this workaround to other VMware products.

Functionality Impacts:

There is no known functionality impact from applying the workaround described in this article.


In order to remove the risk of exploitation of the OpenSLP security issue CVE-2019-5544 in a DaaS environment, the ESXi patches should be applied. For more information see VMware Security Advisory VMSA-2019-0022 .


To implement the workaround for CVE-2019-5544 perform the following steps:

  1. Download the workaround for the install version from the Customer Connect portal.
  1. Follow instructions provided in the Steps to follow section of the Readme.txt to apply the workaround to all management appliances in the DaaS deployments.
Note: The detailed help section in Readme.txt will provide guidance to the options that are available when the steps are executed.

To remove the workaround for CVE-2019-5544 at a later time perform the following steps:

The workaround is not known to impact any functionality, however, for any unforeseen reasons if there is a need to rollback then you can revert back to the snapshot taken at the start of the workaround as described in the Readme.txt.

For up-to-date information on CVE-2019-5544 as well as future security information please add your email address to the "Sign up for Security Advisories" window found in VMSA-2019-0022 .