Vulnerability in VMware Directory Service affects large numbers of corporate VMs and hosts

PUBLISHED:
15 April 2020

A critical information disclosure bug discovered in VMware's Directory Service (vmdir) could allow a cyber-attacker to lay bare the contents of entire corporate virtual infrastructures. vmdir is part of VMware's vCenter Server product, which provides centralized management of virtualized hosts and virtual machines (VMs) from a single console. vmdir is the central component of vCenter single sign-on (SSO).

The critical flaw (CVE-2020-3952) was rated 10 out of 10 on the CVSS v3 vulnerability severity scale. According to the bug advisory, the issue is poorly implemented access control, which could allow a malicious actor to bypass authentication mechanisms.

Affected Items

  • vCenter Server 6.7 Virtual Appliance
  • vCenter Server 6.7 Windows

Solution

Administrators are encouraged to apply the VMware patches (KB78543) as soon as possible.
