cbcvebase.
CVE-2020-4006
published 2020-11-23

CVE-2020-4006: VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

critical9.1CVSS 3.1
AVNACLPRHUINSCCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

Affected

11 ranges
VendorProductVersion rangeFixed in
vmwarecloud_foundation
vmwarecloud_foundation
vmwareidentity_manager
vmwareidentity_manager
vmwareidentity_manager
vmwareidentity_manager_connector
vmwareidentity_manager_connector
vmwareidentity_manager_connector
vmwareone_access
vmwareone_access
vmwarevrealize_suite_lifecycle_manager8.0 – 8.2

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
vulncheck9.1CRITICAL
cisa9.1CRITICAL