From helpnetsecurity.com
A code injection vulnerability (CVE-2020-3956) affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have discovered.
VMware Cloud Director vulnerability enables a full cloud infrastructure takeover