CVE-2020-4006 — Multiple VMware Products Command Injection Vulnerability
2021-11-03 • CISA Known Exploited Vulnerability
[event] VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | VMware |
| Product | Multiple Products |
| CWE | CWE-78 |
| CVE ID | CVE-2020-4006 |
| Date Added | 2021-11-03 |
| Due Date | 2022-05-03 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-05-03