VMware Releases Workarounds for CVE-2020-4006 (25th November 2020)

VMware has released workarounds to address a vulnerability (CVE-2020-4006) in the below products.

  • VMware Workspace One Access
  • VMware Access Connector 
  • VMware Identity Manager
  • VMware Identity Manager Connector
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

For more information on the VMware released Workarounds you can follow the below URL:

https://www.vmware.com/security/advisories/VMSA-2020-0027.html

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

References

  • VMware security Advisories (25th November, 2020). Retrieved from VMware 

           https://www.vmware.com/security/advisories.html

  • VMware Releases Workarounds for CVE-2020-4006 (24th November, 2020). Retrieved form US-Cert 

           https://us-cert.cisa.gov/ncas/current-activity/2020/11/23/vmware-releases-workarounds-cve-2020-4006

  • VMware Workspace ONE Access and related components are vulnerable to command injection (23th November, 2020) Retrieved from CERT Coordination Center (CERT/CC)

           https://www.kb.cert.org/vuls/id/724367