The business concern boost accentuate that the admin describe of the configurator is inner to the strike good and that a password is place at deployment for it . control may be fulfil on a compromise simple machine by an opposer leave to exploit the impuissance . For a adept blast the attacker want the word . The fresh place impuissance , monitor as CVE-2020 - 4006 , has been downgrade from decisive to grievous harshness ( its CVSS sexual conquest felled seam from 9.1 to 7.2 ) , since VMware identify that valid countersign for the configurator admin history are require for an trespasser seem to tap the hemipteran . workspace ONE Access , antecedently VMware Identity Manager , render multi - agent authentication , unmarried polarity - on , and conditional memory access capableness for SaaS , smartphone and vane diligence . Workspace ONE Access , Access Connector , Identity Manager , Identity Manager Connector , Cloud Base , and vRealize Suite Lifecycle Manager have been institute to be deflower by the require shot beleaguer . VMware did not originally deliver details on who constitute the protective covering defect , but an update it liberate this week to its admonitory , in compounding with the issue of update , sustain it was detect by the NSA . Workaround rule of thumb for the problem were too unloose by VMware . In its consultative , VMware put forward , “ A malicious thespian with meshing access to the administrative configurator on port 8443 and a valid configurator admin news report countersign may carry through overtop with unexclusive privilege on the underlying run organisation . ” For the infected commodity , update have been unloosen for both Linux and Windows .