VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
https://www.vmware.com/security/advisories/VMSA-2020-0027.html
Source: MITRE
Published: 2020-11-23
Updated: 2020-12-10
Type: CWE-77
Base Score: 9
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8
Severity: HIGH
Base Score: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Impact Score: 6
Exploitability Score: 2.3
Severity: CRITICAL
AND
OR
cpe:2.3:a:vmware:identity_manager:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:identity_manager:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:identity_manager_connector:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:identity_manager_connector:3.3.2:*:*:*:*:*:*:*
OR
AND
OR
cpe:2.3:a:vmware:identity_manager_connector:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:identity_manager_connector:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:identity_manager_connector:3.3.3:*:*:*:*:*:*:*
OR
OR
cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:* versions from 8.0 to 8.2 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
143574 | VMware Workspace One Access / VMware Identity Manager Command Injection Vulnerability (VMSA-2020-0027) | Nessus | CGI abuses | high |