On 4/9/2020, VMware announced a critical security vulnerability (advisory VMSA-2020-0006) affecting vCenter.
The vulnerability rates a 10 out of 10 on the CVSSv3 scale due to the high likelihood of an attacker exploiting it.
Due to incorrect access controls to the VMware Directory Service service on vCenter, a malicious actor may be able to extract sensitive information to compromise the vCenter Server or other services. As per VMware’s advisory, clean installations of vCenter 6.7 are unaffected, but any vCenter platform upgraded from vCenter 6.0 and 6.5 are vulnerable and should be updated to vCenter 6.7u3f.
SCTG is already mitigating this vulnerability on all internal systems and customer platforms. We will be reaching out to our cloud customers ASAP to ensure their environments are updated.
As always, our Managed Services team is standing by to help. If you have any questions, please submit a support request through the customer portal or call us at 312-829-1111 Ext 2.