CVE-2020-3956

Name of the Vulnerable Software and Affected Versions VMware Cloud Director versions 9.1.0.x through 9.1.0.3 VMware Cloud Director versions 9.5.0.x through 9.5.0.5 VMware Cloud Director versions 9.7.0.x through 9.7.0.4 VMware Cloud Director versions 10.0.x through 10.0.0.1

Description The issue is related to insufficient neutralization of special elements in a request, which can lead to code injection. An authenticated actor may be able to send malicious traffic to VMware Cloud Director, potentially resulting in arbitrary remote code execution. This can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface, and API access.

Recommendations For versions 9.1.0.x through 9.1.0.3, update to version 9.1.0.4 or later. For versions 9.5.0.x through 9.5.0.5, update to version 9.5.0.6 or later. For versions 9.7.0.x through 9.7.0.4, update to version 9.7.0.5 or later. For versions 10.0.x through 10.0.0.1, update to version 10.0.0.2 or later.