Remote code execution in several VMware Products

Published: 2020-11-24 | Updated: 2020-12-08
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2020-4006
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerable software
VMware Workspace One Access
Operating systems & Components / Operating system package or component

VMware Workspace One Access Connector
Other software / Other software solutions

vRealize Suite Lifecycle Manager
Other software / Other software solutions

VMware Identity Manager
Server applications / Directory software, identity management

VMware Identity Manager Connector
Server applications / Other server solutions

Cloud Foundation
Client/Desktop applications / Virtualization software

Vendor VMware, Inc

Security Advisory

Updated: 08.12.2020

Changed bulletin patch status to fixed, raised risk level from low to medium.

1) Command Injection

Risk: Medium

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-4006

CWE-ID: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Exploit availability: No


The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation in the administrative configurator. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Install update from vendor's website.

Vulnerable software versions

VMware Workspace One Access: 20.01, 20.10

VMware Workspace One Access Connector:,, 20.10

VMware Identity Manager: 3.3.1, 3.3.2, 3.3.3

VMware Identity Manager Connector: 3.3.1, 3.3.2, 3.3.3, 3.32

Cloud Foundation: 4.0

vRealize Suite Lifecycle Manager: 8.0

CPE External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.