VMware’s Cloud Director platform, used by many corporations and providers to manage cloud infrastructure, has a vulnerability that could allow attackers to gain access to the stored data. Rated 8.8 on the Common Vulnerability Scoring System (CVSS) and assigned CVE-2020-3956, this code-injection vulnerability in the cloud service-delivery platform could allow an attacker to gain access to the data on the cloud and take control of enterprise private clouds. Patches have been released by VMWare to fix the vulnerability. According to Citadelo, an ethical hacking company, this flaw can be exploited to not only access the stored information but can also modify the login section to gain administrator access and view hashed passwords of all of its users.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in