fkie_nvd - fkie_cve-2020-4006

fkie_cve-2020-4006

Vulnerability from fkie_nvd

Published

2020-11-23 22:15

Modified

2025-10-30 20:07

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

References

URL	Tags
security@vmware.com	https://www.vmware.com/security/advisories/VMSA-2020-0027.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/724367	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.vmware.com/security/advisories/VMSA-2020-0027.html	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-4006	US Government Resource

Impacted products

Vendor	Product	Version
vmware	identity_manager	3.3.1
vmware	identity_manager	3.3.2
vmware	identity_manager	3.3.3
vmware	identity_manager_connector	3.3.1
vmware	identity_manager_connector	3.3.2
vmware	one_access	20.01
vmware	one_access	20.10
linux	linux_kernel	-
vmware	identity_manager_connector	3.3.1
vmware	identity_manager_connector	3.3.2
vmware	identity_manager_connector	3.3.3
microsoft	windows	-
vmware	cloud_foundation	4.0
vmware	cloud_foundation	4.0.1
vmware	vrealize_suite_lifecycle_manager	*

JSON

To clipboard

{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Multiple VMware Products Command Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7DAA017-7535-47D6-A4C7-59F69ED0F43F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22BC2D96-5922-4995-B006-1BAB5FE51D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CFFC72D-0068-49D0-B816-706CC2A2389C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE9DF6CB-58CF-49BE-B61C-F5115B333E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:20.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A251628-E02A-42B2-85E4-71C2B6F09BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:20.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86477D5-C441-490C-A9D3-9CDE47542191",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CFFC72D-0068-49D0-B816-706CC2A2389C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE9DF6CB-58CF-49BE-B61C-F5115B333E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D035B36-3D87-494F-B147-6D03F2B1A375",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4767C7D-8165-43A6-8F16-12F8EE65FDFB",
              "versionEndIncluding": "8.2",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability."
    },
    {
      "lang": "es",
      "value": "VMware Workspace One Access, Access Connector, Identity Manager e Identity Manager Connector abordan una vulnerabilidad de inyecci\u00f3n de comandos"
    }
  ],
  "id": "CVE-2020-4006",
  "lastModified": "2025-10-30T20:07:02.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-11-23T22:15:12.663",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2020-0027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/724367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2020-0027.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-4006"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2020-4006 (GCVE-0-2020-4006)

Vulnerability from cvelistv5

Published

2020-11-23 21:22

Modified

2025-10-21 23:35

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

Command Injection

Summary

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

References

URL

Tags

https://www.vmware.com/security/advisories/VMSA-2020-0027.html

x_refsource_MISC