To exploit VMware's vulnerability, an attacker must have access to the device’s management interface. This access can allow attackers to forge security assertion markup language (SAML) credentials to send seemingly authentic requests to gain access to protected data. Chris Morales, our head of security analytics, discusses howthat this is why granted access does not equate to trusted access.