Chris White, Senior Data Center Engineer
Advanced Logic Industries
Recently, a sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) was privately reported to VMware. In response to this zero-day vulnerability, VMware released a patch for vCenter 6.7. The patch addresses a vulnerability in the single sign-on functionality of the Platform Services Controller (PSC) portion of vCenter.
It has been evaluated that the severity of this issue falls within the Critical severity range with a maximum CVSSv3 base score of 10.0. This is due to the fact that a malicious actor with network access to an affected vdmir deployment can disclose highly sensitive information. Which, in turn, could be used to compromise vCenter Server or other services that are dependent upon vmdir for authentication.
You can learn more about this latest Security Advisory here.
For our managed IT clients, we are already implementing patches and coordinating with those IT teams. If you need help either assessing applicability for your VMware implementation or providing patching support, we’re available to help.Request Support
Get Immediate Updates
Want to be the first to know when we post content like this on our blog? Hit the green “Follow” button with the email icon below to opt in to our blog feed and you’ll get updates via email as soon as they go live here.