CVE-2020-4006
CRITICAL KEVVmware Identity Manager < 8.2 - OS Command Injection
Title source: ruleDescription
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
Scores
CVSS v3
9.1
EPSS
0.1283
EPSS Percentile
94.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CISA KEV
2021-11-03
VulnCheck KEV
2020-12-03
InTheWild.io
2020-12-03
ENISA EUVD
EUVD-2020-25271
CWE
CWE-78
Status
published
Products (11)
vmware/cloud_foundation
4.0
vmware/cloud_foundation
4.0.1
vmware/identity_manager
3.3.1
vmware/identity_manager
3.3.2
vmware/identity_manager
3.3.3
vmware/identity_manager_connector
3.3.1
vmware/identity_manager_connector
3.3.2
vmware/identity_manager_connector
3.3.3
vmware/one_access
20.01
vmware/one_access
20.10
... and 1 more
Published
Nov 23, 2020
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026