CyberSec.Space Logo
Back to CVE Browser

CVE-2020-4006

Known Exploited (CISA KEV)CRITICAL
9.1
CVSS Severity Score
EPSS Score54.8400%
EPSS Percentile96.43th
PublishedNov 23, 2020
Last ModifiedOct 30, 2025

Vulnerability Description

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

Affected Platforms (CPE)

πŸ“¦
Vmware

Identity Manager

= 3.3.1
πŸ“¦
Vmware

Identity Manager

= 3.3.2
πŸ“¦
Vmware

Identity Manager

= 3.3.3
πŸ“¦
Vmware

Identity Manager Connector

= 3.3.1
πŸ“¦
Vmware

Identity Manager Connector

= 3.3.2
πŸ“¦
Vmware

One Access

= 20.01
πŸ“¦
Vmware

One Access

= 20.10
πŸ“¦
Vmware

Identity Manager Connector

= 3.3.3
πŸ“¦
Vmware

Cloud Foundation

= 4.0
πŸ“¦
Vmware

Cloud Foundation

= 4.0.1
πŸ“¦
Vmware

Vrealize Suite Lifecycle Manager

>= 8.0 and <= 8.2

References & Advisories

πŸ”— https://www.vmware.com/security/advisories/VMSA-2020-0027.html
πŸ”— https://www.kb.cert.org/vuls/id/724367
πŸ”— https://www.vmware.com/security/advisories/VMSA-2020-0027.html
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-4006

Related Vulnerabilities

CVE-2011-313510.0

Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated...

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2020-202110.0

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option i...

CVE-2011-313610.0

Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivol...