9.8
CVE-2020-3952
- EPSS 93.23%
- Veröffentlicht 10.04.2020 14:15:12
- Zuletzt bearbeitet 13.03.2025 17:28:17
- Quelle security@vmware.com
- Teams Watchlist Login
- Unerledigt Login
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Vcenter Server Version6.7 Update-
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
VMware vCenter Server Information Disclosure Vulnerability
SchwachstelleVMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.23% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.