Security News > 2020 > November > VMware releases workarounds for another critical flaw (CVE-2020-4006)

VMware releases workarounds for another critical flaw (CVE-2020-4006)
2020-11-24 10:13

For the second time in less than a week, VMware is warning about a critical vulnerability.

As some of these are components of the VMware Cloud Foundation and vRealize Suite Lifecycle Manager product suites, those are impacted as well.

x. VMware did not say whether the flaw is under active exploitation, but they released workarounds as they are working on the patches.

Last week, VMware patched critical flaws in its ESXi hypervisor that were exploited during the Tianfu Cup Pwn Contest that was held in Chengdu, China, earlier this month.

VMware has re-classified CVE-2020-4006, lowering its severity.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/fq1jzhA-InM/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-11-23 CVE-2020-4006 OS Command Injection vulnerability in VMWare products
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
network
low complexity
vmware CWE-78
critical
 9.1
9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591