VMware urges sysadmins to apply workarounds after critical Workspace command execution vuln found

VMware has published a series of workarounds for critical command injection vulnerabilities in its Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector products.


Details of the vuln, which was found and "privately reported" to Virtzilla, are scant at the moment, but it does have a CVE number (CVE-2020-4006) and a CVSS v3 rating of 9.3, well within the critical bracket.


A command injection vuln could allow malicious people who have network access to the "administrative configurator on port 8443" together with "a valid password for the configurator admin account" to execute commands with "unrestricted privileges on the underlying operating system," said VMware.


It appears that the vulnerability requires a valid username and password combination to exploit and affects both Windows and Linux installations.


The workaround ..
