The vulnerability tracked as CVE-2020-4006 is a command injection bug with a 9.1/10 CVSSv3 severity rating. It allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges. The vulnerability affects some versions of VMware Workspace One Access, Identity Manager, and Identity Manager Connector. The company is still working on releasing security updates to address the zero-day vulnerability, but provides admins with a temporary workaround designed to fully remove the attack vector.
Source: https://www.bleepingcomputer.com/news/security/vmware-discloses-critical-zero-day-vulnerability-in-workspace-one/