VDB
GCVE-110-CERTCC-2020-724367
GCVE-110-CERTCC-2020-724367
Advisory Published
### Overview
VMware [Workspace One Access](https://www.vmware.com/products/workspace-one.html), Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to command injection in the administrative configurator. This could allow a remote attacker to execute commands with unrestricted privileges on the underlying operating system.
### Description
VMware [Workspace One Access](https://www.vmware.com/products/workspace-one.html), Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to command injection in the administrative configurator. This could allow a remote attacker with access to the administrative configurator on port 8443 and a valid password to execute commands with unrestricted privileges on the underlying operating system. For additional details, please see [VMSA-2020-0027](https://www.vmware.com/security/advisories/VMSA-2020-0027.html) and [CVE-2020-4006](https://nvd.nist.gov/vuln/detail/CVE-2020-4006).
### Impact
This could allow a malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account to execute commands with unrestricted privileges on the underlying operating system.
Active exploitation of this vulnerability [has been reported](https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF).
### Solution
VMware has released updates as described in [VMSA-2020-0027](https://www.vmware.com/security/advisories/VMSA-2020-0027.html).
### Workarounds
VMware has documented workarounds in [VMSA-2020-0027](https://www.vmware.com/security/advisories/VMSA-2020-0027.html).
### Acknowledgements
Thanks to VMware for coordinating this vulnerability.
This document was written by Madison Oliver.
Aliases
References
Browse GCVE Records
73,866 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.