Security News > 2020 > November > VMware releases workarounds for another critical flaw (CVE-2020-4006)
2020-11-24 10:13
For the second time in less than a week, VMware is warning about a critical vulnerability.
As some of these are components of the VMware Cloud Foundation and vRealize Suite Lifecycle Manager product suites, those are impacted as well.
x. VMware did not say whether the flaw is under active exploitation, but they released workarounds as they are working on the patches.
Last week, VMware patched critical flaws in its ESXi hypervisor that were exploited during the Tianfu Cup Pwn Contest that was held in Chengdu, China, earlier this month.
VMware has re-classified CVE-2020-4006, lowering its severity.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/fq1jzhA-InM/
Related news
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-23 | CVE-2020-4006 | OS Command Injection vulnerability in VMWare products VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | 9.1 |