CVE-2020-4006: Multiple VMware Products Command Injection Vulnerability.
Multiple VMware Products Command Injection Vulnerability. VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.
- CISA KEV-listed (remediation due 2022-05-03)
- EPSS 13.6% (94.4% percentile)