Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html | Exploit Third Party Advisory VDB Entry |
https://www.vmware.com/security/advisories/VMSA-2020-0006 | Vendor Advisory |
Configurations
History
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
13 Dec 2021, 20:05
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
References | (MISC) http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2020-04-10 14:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-3952
Mitre link : CVE-2020-3952
CVE.ORG link : CVE-2020-3952
JSON object : View
Products Affected
vmware
- vcenter_server
CWE
CWE-306
Missing Authentication for Critical Function