PT-2020-2027 · VMware · VMware vCenter Server +3

Published: 2020-04-09 · Updated: 2025-10-30 · CVE-2020-3952

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: VMware vCenter Server versions prior to the fixed version

Description: The issue is related to insufficient access control in the VMware Directory Service (vmdir) of VMware vCenter Server. This can allow a remote attacker to elevate their privileges. The problem occurs because vmdir does not correctly implement access controls under certain conditions.

Recommendations: For versions prior to the fixed version, consider disabling the vulnerable vmdir service until a patch is available. Restrict access to the Platform Services Controller (PSC) to minimize the risk of exploitation. Avoid using the vulnerable vmdir functionality in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Authorization

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2020-01603
CVE-2020-3952
VCENTERCVE2020_3952

Affected Products

Platform Services Controller
VMware vCenter
VMware Directory Service
VMware vCenter Server