vulnerability
VMware Photon OS: CVE-2020-15136
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
6 | (AV:N/AC:H/Au:N/C:C/I:P/A:N) | Aug 6, 2020 | Jan 20, 2025 | Jul 2, 2025 |
Severity
6
CVSS
(AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published
Aug 6, 2020
Added
Jan 20, 2025
Modified
Jul 2, 2025
Description
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.
Solution
vmware-photon_os_update_tdnf

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.