Security News

Active attacks against a flaw in VMware's Workspace One Access continue, three days after the vendor patched the vulnerability and urged customers to fix the bug. Those VMware products are two of 12 impacted by a command-injection vulnerability, tracked as CVE-2020-4006, and patched on Friday.

The US National Security Agency on Monday issued an advisory warning that Russian threat actors are leveraging recently disclosed VMware vulnerability to install malware on corporate systems and access protected data. Specifics regarding the identities of the threat actor exploiting the VMware flaw or when these attacks started were not disclosed.

Russian state-sponsored hackers have been exploiting a vulnerability that VMware patched recently in some of its products, the National Security Agency warned on Monday. The vulnerability is tracked as CVE-2020-4006 and it has been found to impact the VMware Workspace ONE Access identity management product and some related components, including Identity Manager on Linux, vIDM Connector on Windows and Linux, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.

The National Security Agency warns that Russian state-sponsored threat actors are exploiting a recently patched VMware vulnerability to steal sensitive information after deploying web shells on vulnerable servers. VMware released security updates to address the security bug on December 3rd after publicly disclosing the vulnerability two weeks ago and providing a temporary workaround that fully removes the attack vector and prevents exploitation.

VMware on Thursday released patches for a Workspace ONE Access security flaw that was identified and reported by the National Security Agency. Formerly VMware Identity Manager, Workspace ONE Access delivers multi-factor authentication, single sign-on, and conditional access functionality for SaaS, mobile and web applications.

VMware has patched a zero-day bug that was disclosed in late November - an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems. VMware has also revised the CVSS severity rating for the bug to "Important," down from critical.

VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. Zero-day reported by the NSA. While initially, the company didn't disclose the identity of the organization or researcher who reported the vulnerability, VMware acknowledged the US Defense Department's intelligence agency contribution in an update to the security advisory made on Thursday.

VMware has published a series of workarounds for critical command injection vulnerabilities in its Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector products. A command injection vuln could allow malicious people who have network access to the "Administrative configurator on port 8443" together with "a valid password for the configurator admin account" to execute commands with "Unrestricted privileges on the underlying operating system," said VMware.

VMware on Monday published an advisory to inform users that it's working on patching a critical command injection vulnerability affecting Workspace ONE Access and some related components. VMware has not specified if technical details of the vulnerability have been disclosed or if it has been exploited in attacks.

For the second time in less than a week, VMware is warning about a critical vulnerability. As some of these are components of the VMware Cloud Foundation and vRealize Suite Lifecycle Manager product suites, those are impacted as well.