Vulnerability Details CVE-2020-4006
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.154
EPSS Ranking 94.2%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 9.0
Proposed Action
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.
Ransomware Campaign
Unknown
References
Products affected by CVE-2020-4006
-
cpe:2.3:a:vmware:cloud_foundation:4.0
-
cpe:2.3:a:vmware:cloud_foundation:4.0.1
-
cpe:2.3:a:vmware:identity_manager:3.3.1
-
cpe:2.3:a:vmware:identity_manager:3.3.2
-
cpe:2.3:a:vmware:identity_manager:3.3.3
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.1
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.2
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.3
-
cpe:2.3:a:vmware:one_access:20.01
-
cpe:2.3:a:vmware:one_access:20.10
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1
-
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-