Critical vulnerability in VMware vCenter 6.7 and prior
CVE-2020-3952: CVSSv3 10.0
An attacker with network access to a vulnerable vmdir implementation can exfiltrate sensitive information. This data can be used to compromise vCenter Server or other services that depend on vmdir as an authentication mechanism.
All versions of vCenter Server 6.7, embedded and external Platform Services Controller (PSC), up to and including version 6.7u3f are affected, including systems upgraded from a previous release line such as 6.0 and 6.5. Only fresh installations of vCenter Server 6.7 are not affected by this vulnerability.
CERT.be advises system administrators to patch vulnerable systems to the latest available version. The patches are available on VMware's website.