CVE-2020-3956
vCloud Director 9.7.0.15498291 - Remote Code Execution
Public Exploits: 4
Exploited in Wild: -
Decision: -
Descriptions
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.
vCloud Director version 9.7.0.15498291 suffers from a remote code execution vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-30 CVE Reserved
- 2020-05-20 CVE Published
- 2020-06-02 First Exploit
- 2024-08-04 CVE Updated
- 2024-10-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CAPEC
References (5)
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2020-0010.html | 2021-12-13 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Vmware | Vcloud Director | >= 9.5.0.0 < 9.5.0.6 | - | Affected | in | Linux | Linux Kernel | - | - | Safe |
Vmware | Vcloud Director | >= 9.5.0.0 < 9.5.0.6 | - | Affected | in | Vmware | Photon Os | - | - | Safe |
Vmware | Vcloud Director | >= 9.7.0.0 < 9.7.0.5 | - | Affected | in | Linux | Linux Kernel | - | - | Safe |
Vmware | Vcloud Director | >= 9.7.0.0 < 9.7.0.5 | - | Affected | in | Vmware | Photon Os | - | - | Safe |
Vmware | Vcloud Director | >= 10.0.0.0 < 10.0.0.2 | - | Affected | in | Linux | Linux Kernel | - | - | Safe |
Vmware | Vcloud Director | >= 10.0.0.0 < 10.0.0.2 | - | Affected | in | Vmware | Photon Os | - | - | Safe |
Vmware | Vcloud Director | >= 9.1.0.0 < 9.1.0.4 | - | Affected | in | Linux | Linux Kernel | - | - | Safe |