VMware got vulnerability which affects the multiple products which allow threat actors to get sensitive information from the user.
Vulnerabilities Found in VMware
CVE-2020-3960
This is the out-of-bounds which reads the vulnerability and affects the VMware ESXi Workstation and the Fusion where the users get notifications to update the fixed versions.
The malicious actor that controls the local and non-administrative access which have access to a virtual machine that may be having the privileged information which condition in memory.
CVE-2020-3961
Due to unsafe loading of libraries and configuration which gave access to the vulnerable folder that exists with the VMware Horizon Client for the Windows Operating System.
The Vulnerabilities that are found can be exploited by the local user on any of the systems and then able to run the commands on any user.
The affected vulnerabilities target the Horizon clients of windows 5.x and upper version which was fixed with version 5.4.3. The vulnerabilities considered as the important severity range and having 8.4 scores in CVSSv3.
CVE-2020-3956
A code injection vulnerability that can target the VMware Cloud Director that leads to arbitrary can done by the remote code execution methods. The vulnerability can be exploited by the cyber threat actor by sending the unknown traffic to the VMware Cloud Director.
HTML 5 and Flex-based UIs are used to exploit and do the vulnerabilities which can also use the API explorer interface and API access.
Comment your Suggestion regarding the article and thank you for reading this article.
