A critical information-disclosure bug in VMware's Directory Service (vmdir) could lay bare the contents of entire corporate virtual infrastructures. The critical flaw (CVE-2020-3952) was disclosed and patched on Thursday; it rates 10 out of 10 on the CVSS v.3 vulnerability severity scale. At issue is a poorly implemented access control, which could allow a malicious actor to bypass authentication mechanisms. There are no workarounds, so administrators are encouraged to apply the patches as soon as possible.
Source: https://threatpost.com/critical-vmware-bug-corporate-treasure-hackers/154682/

