March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Official Statement on the Reported Data Breach of 115M Pakistani Mobile Users
April 11, 2020Rewterz Threat Alert – New Ursnif Campaign: A Shift from PowerShell to Mshta
April 13, 2020Rewterz Official Statement on the Reported Data Breach of 115M Pakistani Mobile Users
April 11, 2020Rewterz Threat Alert – New Ursnif Campaign: A Shift from PowerShell to Mshta
April 13, 2020
Severity
High
Analysis Summary
Under certain conditions vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication.
Impact
Information disclosure
Affected Vendors
VMWare
Affected Products
vCenter Server 6.7 (embedded or external PSC) prior to 6.7u3f
Remediation
Update to fixed version.
https://my.vmware.com/web/vmware/details?productId=742&rPId=44888&downloadGroup=VC67U3F