Improper access control in Dell EMC Enterprise Hybrid Cloud

Nov 2, 2022 10:00 am Cyber Security 159

Published: 2022-11-02


Risk
High
Patch available
YES
Number of vulnerabilities
1
CVE-ID
CVE-2020-3952
CWE-ID
CWE-284
Exploitation vector
Network
Public exploit
Vulnerability #1 is being exploited in the wild.
Vulnerable softwareSubscribe
Dell Enterprise Hybrid CloudServer applications / Virtualization software
Vendor
Dell

Security Bulletin


This security bulletin contains one high risk vulnerability.



1) Improper access control


EUVDB-ID: #VU26758


Risk: High


CVSSv3.1:


CVE-ID: CVE-2020-3952


CWE-ID: CWE-284 - Improper Access Control


Exploit availability: Yes


Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.


The vulnerability exists due to improper access restrictions within the VMware Directory Service (vmdir), that is shipped with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC). A remote attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information and compromise the affected system.


Mitigation

Install update from vendor's website.


Vulnerable software versions

Dell Enterprise Hybrid Cloud: 4.1.2


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000153591/dsa-2020-104-dell-emc-enterprise-hybrid-cloud-update-for-cve-2020-3952


Q & A


Can this vulnerability be ..

Support the originator by clicking the read the rest link below.

improper access control enterprise hybrid cloud
Read The Rest from the original source
cybersecurity-help.cz

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!