Security update fixes a critical vulnerability in the vCenter Server virtual infrastructure management platform that could allow attackers to gain access to sensitive information and potentially take control of affected virtual appliances or Windows systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert saying that an “attacker could exploit this vulnerability to take control”” of an affected system. The security issue affects the VMware Directory Service (vmdir) only on upgraded installations and it’s due to incorrectly implemented access controls. Vulnerability is tracked as CVE-2020-3952 and rated with a maximum CVSSv3 base score of 10.”
Source: https://www.bleepingcomputer.com/news/security/vmware-releases-fix-for-critical-vcenter-server-vulnerability/