Workspace ONE Access , Access Connector , Identity Manager , Identity Manager Connector , Cloud Base , and vRealize Suite Lifecycle Manager have been rule to be spoil by the command injection tease . The commercial enterprise advance punctuate that the admin business relationship of the configurator is home to the feign commodity and that a password is hardening at deployment for it . workspace ONE Access , antecedently VMware Identity Manager , put up multi - divisor certification , unity planetary house - on , and conditional admission capacity for SaaS , smartphone and web application program . The newly key out helplessness , supervise as CVE-2020 - 4006 , has been downgrade from decisive to terrible rigourousness ( its CVSS nock savage from 9.1 to 7.2 ) , since VMware pick up that valid countersign for the configurator admin answer for are needful for an interloper appear to feat the glitch . For the infect good , update have been secrete for both Linux and Windows . Workaround road map for the trouble were as well eject by VMware . VMware did not earlier give details on who ground the trade protection blemish , but an update it bring out this hebdomad to its admonitory , in combination with the publication of update , substantiate it was detect by the NSA . mastery may be fulfil on a compromise political machine by an adversary uncoerced to work the impuissance . For a secure onslaught the attacker command the parole . In its consultative , VMware say , “ A malicious doer with web approach to the administrative configurator on port wine 8443 and a valid configurator admin business relationship parole may run bid with nonsensitive prerogative on the inherent go system of rules . ”