Unrated severityCISA KEVNVD Advisory· Published Apr 10, 2020· Updated Oct 21, 2025

CVE-2020-3952

Description

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.

Affected products

N/A/Vmware Vcenter Serverv5
Range: vCenter Server 6.7 (embedded or external PSC) prior to 6.7u3f is affected by CVE-2020-3952 if it was upgraded from a previous release line such as 6.0 or 6.5. Clean installations of vCenter Server 6.7 (embedded or external PSC) are not affected.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.htmlmitrex_refsource_MISC
www.vmware.com/security/advisories/VMSA-2020-0006mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000