Hi All,
The NSA issued the following cybersecurity warning:
Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware®1 Access and VMware Identity
Manager2 products [1], allowing the actors access to protected data and abusing federated authentication. VMware
released a patch for the Command Injection Vulnerability captured in CVE-2020-4006 on December 3
rd 2020. NSA encourages National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network
administrators to prioritize mitigation of the vulnerability on affected servers.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------