VDB

GCVE-110-CERTCC-2020-724367

GCVE-110-CERTCC-2020-724367
Advisory Published
Vulnetix · Advisory published November 23, 2020
### Overview VMware [Workspace One Access](https://www.vmware.com/products/workspace-one.html), Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to command injection in the administrative configurator. This could allow a remote attacker to execute commands with unrestricted privileges on the underlying operating system. ### Description VMware [Workspace One Access](https://www.vmware.com/products/workspace-one.html), Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to command injection in the administrative configurator. This could allow a remote attacker with access to the administrative configurator on port 8443 and a valid password to execute commands with unrestricted privileges on the underlying operating system. For additional details, please see [VMSA-2020-0027](https://www.vmware.com/security/advisories/VMSA-2020-0027.html) and [CVE-2020-4006](https://nvd.nist.gov/vuln/detail/CVE-2020-4006). ### Impact This could allow a malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account to execute commands with unrestricted privileges on the underlying operating system. Active exploitation of this vulnerability [has been reported](https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF). ### Solution VMware has released updates as described in [VMSA-2020-0027](https://www.vmware.com/security/advisories/VMSA-2020-0027.html). ### Workarounds VMware has documented workarounds in [VMSA-2020-0027](https://www.vmware.com/security/advisories/VMSA-2020-0027.html). ### Acknowledgements Thanks to VMware for coordinating this vulnerability. This document was written by Madison Oliver.

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›