CVE-2020-4006 - Command Injection
Important alert on CVE-2020-4006 as document here which has a maximum CVSSv3 base score of 7.2 which was discovered on 23rd Nov 2020. A workaround was first provided to mitigate this risk now a fix is available.
In summary, this vulnerability allows an attacker who have got hold of the configuration admin account for the affected products to execute commands. The configuration admin account password is set during time of deployment.
Affected Products:
- VMware Workspace One Access (Access)
- VMware Workspace One Access Connector (Access Connector)
- VMware Identity Manager (vIDM)
- VMware Identity Manager Connector (vIDM Connector)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
If you are using any of the products affected, do take sometime to remediate this as soon as possible.
Comments