3. VMware vCenter Server updates address sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) (CVE-2020-3952)
Under certain conditions[1] vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 10.0.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3952
kb.vmware.com/s/article/78543
my.vmware.com/web/vmware/details?productId=742&rPId=44888&downloadGroup=VC67U3F%20Additional%20Documentation:%20https://kb.vmware.com/s/article/78543
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H