VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware identity_manager 3.3.1 |
||
vmware identity_manager 3.3.2 |
||
vmware identity_manager 3.3.3 |
||
vmware identity_manager_connector 3.3.1 |
||
vmware identity_manager_connector 3.3.2 |
||
vmware one_access 20.01 |
||
vmware one_access 20.10 |
||
vmware identity_manager_connector 3.3.3 |
||
vmware cloud foundation 4.0 |
||
vmware cloud foundation 4.0.1 |
||
vmware vrealize suite lifecycle manager |
So, you know, patch it Top tip, everyone: Chinese hackers are hitting these 25 vulns, so make sure you patch them ASAP, says NSA
The NSA reckons Russian government hackers are actively abusing a critical security hole in VMWare's software to infiltrate victims' networks. Sysadmins are urged to deploy the necessary patch as soon as possible. “Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication,” a cybersecurity notice [PDF] published on Monday warns. The Amer...
If you've been pwned in the past, pay special attention to this one
VMware has published a series of workarounds for critical command injection vulnerabilities in its Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector products. Details of the vuln, which was found and "privately reported" to Virtzilla, are scant at the moment but it does have a CVE number (CVE-2020-4006) and a v3 rating of 9.3, well within the critical bracket. A command injection vuln could allow malicious people who have network access to the "administrativ...