Under certain conditions, attackers could attack Linux and Windows systems with VMware Cloud Foundation, IdentityManager, Identity Manager Connector, vRealize Suite Lifecycle Manager, Workspace One Access and Workspace One Access Connector and execute malicious code. Security updates are not yet available. Admins must secure their systems with workarounds.

In order to use the as ” critical “classified gap (CVE – 2020 – 4006) successfully, attackers need network access to the admin configuration panel (port 8443). A valid password is required for this. If access is given, you can execute your own commands with unrestricted rights.

Secure systems now! In a warning message, VMware lists further information about the security gap. As you can see from an article, the workarounds only work with Identity Manager, Identity Manger Connector and Workspace One Access.

If the workaround is active, admins cannot use the configuration panel. If this is absolutely necessary, you can temporarily deactivate the workaround and arm it again after the settings have been made.

It is not yet known when the security updates will appear. These versions are affected by the vulnerability:

VMware Cloud Foundation 4.x (all systems) vRealize Suite Lifecycle Manager 8.x (all systems) VMware Workspace One Access 20. 10 (Linux) VMware Workspace One Access 20. 01 (Linux) VMware Identity Manager 3.3.3 (Linux) VMware Identity Manager 3.3.2 (Linux) VMware Identity Manager 3.3.1 (Linux) VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux) VMware Identity Manager Connector 3.3 .3, 3.3.2, 3.3.1 (Windows) (of)