silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,055
VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.
The vulnerability is a command injection bug tracked as CVE-2020-4006 and publicly disclosed two weeks ago.
While it did not issue any security updates at the time it disclosed the zero-day, VMware provided a workaround to help admins mitigate the bug on affected devices.
If successfully exploited, the vulnerability enables attackers to escalate privileges and execute commands on the host Linux and Windows operating systems.
The full list of VMware product versions affected by the zero-day includes:
- VMware Workspace One Access 20.01, 20.10 (Linux)
- VMware Identity Manager (vIDM) 3.3.1 up to 3.3.3 (Linux)
- VMware Identity Manager Connector (vIDM Connector) 3.3.1, 3.3.2 (Linux)
- VMware Identity Manager Connector (vIDM Connector) 3.3.1, 3.3.2, 3.3.3 / 19.03.0.0, 19.03.0.1 (Windows)
VMware fixes zero-day vulnerability reported by the NSA
VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.
www.bleepingcomputer.com