There is a new Vmware vulnerability code named VMSA-2020-0006 that seems to be affecting people who have upgraded their vCenter Servers from Version 6.0/6.5 to 6.7 before 6.7U3F and this has given CVSSv3 Range 10.
As per Vmware: A sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) was privately reported to VMware. vCenter updates are available to address this vulnerability.
vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 10.0.
Please Note: Clean installation of vCenter 6.7 is not affected by this Vulnerability.
Attack Vector:
Its attach Vector is network access to an affected vmdir deployment may be able to extract highly sensitive information that could be used to compromise vCenter Server or other services that are dependent upon vmdir for authentication.
Resolution:
- If you have a vCenter 6.7 version that is impacted, you must upgrade to vCenter Server 6.7, Update 3f to resolve this issue.
- Alternatively, you may upgrade to vCenter version 7.0.
For More Security Vulnerability please refer to https://knowitlikepro.com/category/security-vulnerabilities/
Visit https://knowitlikepro.com/category/vmware/whats-new-in-vsphere-7-0/ to know What’s New in vSphere 7.0.