Initiatives pour
En tant qu'autorité nationale en matière de cybersécurité, le CCB a développé plusieurs initiatives destinées à des publics spécifiques, qui sont présentées ici.
Critical vulnerability in VMware vCenter 6.7 and prior
Image
Publié : 16/04/2020
Reference:
Advisory #2020-011
Version:
1
Affected software:
VMware vCenter version 6.7 and prior
Type:
Information Disclosure
CVE/CVSS:
CVE-2020-3952 : CVSSv3 10.0
Sources
https://www.vmware.com/security/advisories/VMSA-2020-0006.html
https://my.vmware.com/web/vmware/details?productId=742&rPId=44888&downloadGroup=VC67U3F
Risks
An attacker with network access to a vulnerable vmdir implementation can exfiltrate sensitive information, this data can be used to compromise vCenter Server or other services depending on vmdir as an authentication mechanism.
Description
All version numbers up to and including version 6.7u3f of vCenter Server 6.7 embedded, and external Platform Service Controller ( PSC) are vulnerable to this vulnerability, including systems upgraded from a previous release line such as 6.0 and 6.5. Only fresh installations of vCenter Server 6.7 are not affected by this vulnerability.
Recommended Actions
CERT.be advises system administrators to patch vulnerable systems to the latest available version. The patches are available on the site of VMware.