A critical vulnerability affecting VMware Workspace ONE Access and VMware Identity Manager allows malicious actors to remotely execute arbitrary code triggering a server-side template injection. According to VMware the vulnerability is actively exploited.
Read full article on InfoQ