VMware vCenter Server Security Vulnerability (CVE-2020-3952)
About
CVE-2020-3952 affects the VMware Directory Service (vmdir) that ships with VMware vCenter Server: vmdir does not properly implement access controls. To exploit the vulnerability, a cyber actor must have network access to an affected vmdir deployment. They would then be able to extract highly sensitive data that could be used to compromise vCenter Server or other services that depend on vmdir for authentication.
More Information
We recommend checking this VMware advisory to see if a vmdir deployment is affected by CVE-2020-3952.
https://kb.vmware.com/s/article/78543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3952
Fix
VMware has released patch 6.7u3f, which fixes this vulnerability. VMware vCenter Server v7.0 and v6.5 are unaffected.
DATE PUBLISHED: April 16, 2020
AUTHOR: Blackpoint Cyber