3a. Advisory Details
VMware Cloud Director does not properly handle input leading to a code injection vulnerability. VMware has evaluated the severity of this issue to be in the Imporant severity range with a maximum CVSSv3 base score of 8.8.
www.vmware.com/go/download/vcloud-director
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3956
docs.vmware.com/en/VMware-Cloud-Director/10.0/rn/VMware-vCloud-Director-for-Service-Providers-10002-Release-Notes.html
docs.vmware.com/en/VMware-Cloud-Director/9.1/rn/vCloud-Director-9104-for-Service-Providers-Release-Notes.html
docs.vmware.com/en/VMware-Cloud-Director/9.5/rn/vCloud-Director-9506-for-Service-Providers-Release-Notes.html
docs.vmware.com/en/VMware-Cloud-Director/9.7/rn/VMware-vCloud-Director-for-Service-Providers-9705-Release-Notes.html
kb.vmware.com/s/article/79091
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H