Published: 2022-11-02
Risk
High
Patch available
YES
Number of vulnerabilities
1
CVE-ID
CVE-2020-3952
CWE-ID
CWE-284
Exploitation vector
Network
Public exploit
Vulnerability #1 is being exploited in the wild.
Vulnerable softwareSubscribe
Dell Enterprise Hybrid CloudServer applications / Virtualization software
Vendor
Dell
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Improper access control
EUVDB-ID: #VU26758
Risk: High
CVSSv3.1:
CVE-ID: CVE-2020-3952
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the VMware Directory Service (vmdir), that is shipped with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC). A remote attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information and compromise the affected system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Dell Enterprise Hybrid Cloud: 4.1.2
CPE2.3
External links
Q & A
Can this vulnerability be ..
Support the originator by clicking the read the rest link below.