workspace ONE Access , previously VMware Identity Manager , render multi - factor hallmark , one house - on , and conditional admission capability for SaaS , smartphone and net practical application . The newly discover impuissance , monitor as CVE-2020 - 4006 , has been downgrade from vital to severe austereness ( its CVSS grade vanish from 9.1 to 7.2 ) , since VMware describe that valid password for the configurator admin news report are demand for an intruder bet to tap the wiretap . VMware did not originally rich person contingent on who find out the aegis defect , but an update it loose this calendar week to its warning , in combining with the publication of update , reassert it was discover by the NSA . Workaround rule of thumb for the job were too release by VMware . control may be action on a compromise motorcar by an opposition willing to exploit the impuissance . In its consultative , VMware United States Department of State , “ A malicious player with mesh approach to the administrative configurator on port wine 8443 and a valid configurator admin accounting parole may action program line with unrestricted favor on the inherent manoeuver system of rules . ” The stage business further stress that the admin accounting of the configurator is intimate to the bear upon good and that a parole is set at deployment for it . For a in force onrush the aggressor ask the parole . Workspace ONE Access , Access Connector , Identity Manager , Identity Manager Connector , Cloud Base , and vRealize Suite Lifecycle Manager have been notice to be impair by the program line injectant badger . For the infect trade good , update have been unloosen for both Linux and Windows .