Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers
Jun 02, 2020
Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. Tracked as CVE-2020-3956 , the code injection flaw stems from an improper input handling that could be abused by an authenticated attacker to send malicious traffic to Cloud Director, leading to the execution of arbitrary code. It's rated 8.8 out of 10 on the CVSS v.3 vulnerability severity scale, making it a critical vulnerability. VMware Cloud Director is a popular deployment, automation, and management software that's used to operate and manage cloud resources, allowing businesses to data centers distributed across different geographical locations into virtual data centers. According to the company, the vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface, and API acces...
