CVE-2020-3994
Description
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- VMware/vCenter Serverdescription
- Range: >=6.5 <6.5u3k, >=6.7 <6.7u3
- Range: >=6.5 <6.5u3k, >=6.7 <6.7u3
Patches
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.vmware.com/security/advisories/VMSA-2020-0023.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.