CVE-2020-3994
N/A
N/A
Summary
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | vCenter Server | vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) | affected |
Weaknesses
- Session hijack vulnerability
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.