VMware has fixed a critical vulnerability (CVE-2020-3952) affecting vCenter Server, which can be exploited to extract highly sensitive information that could be used to compromise vCenter Server or other services which depend on the VMware Directory Service (vmdir) for authentication.
VMware vSphere is VMware’s cloud computing virtualization platform. vCenter Server is server management software for controlling VMware vSphere environments. “Under certain conditions vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 10.0,” the company noted in an advisory published last week.
To read the entire article, please click on https://www.helpnetsecurity.com/2020/04/14/cve-2020-3952/