CVE-2020-4006 - Command Injection

Important alert on CVE-2020-4006 as document here which has a maximum CVSSv3 base score of 7.2 which was discovered on 23rd Nov 2020. A workaround was first provided to mitigate this risk now a fix is available.

In summary, this vulnerability allows an attacker who have got hold of the configuration admin account for the affected products to execute commands. The configuration admin account password is set during time of deployment.

Affected Products:

  • VMware Workspace One Access (Access)
  • VMware Workspace One Access Connector (Access Connector)
  • VMware Identity Manager (vIDM)
  • VMware Identity Manager Connector (vIDM Connector)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

 If you are using any of the products affected, do take sometime to remediate this as soon as possible.

Comments

Popular posts from this blog

Why VMware or Why Not after Broadcom?

VMware Certifications Updates

VMware vExpert 2025 Applications Starts Now!