By Justin Katz Dec 09, 2020 The National Security Agency today announced vulnerabilities in cloud software are being exploited by Russia-sponsored threat actors to access protected data. A vulnerability in VMware Access and VMware Identity Manager products allows attackers access to protected data. VMware released a patch for the Command Injection Vulnerability captured in CVE-2020-4006 on Dec. 3. The attack requires a hacker to have credentials to obtain access to the management interface, according to the Dec. 7 NSA statement. Once inside, hackers can leverage the flaw to forge additional credentials to obtain protected data. NSA's advisory stresses the importance of patching by National Security System, Department of Defense and defense industrial base administrators.