VMware Falls on Report Its Software Led to SolarWinds Breach

VMware Inc. fell 5.4% after a cybersecurity expert said a flaw in the company’s products was partly responsible for the SolarWinds breach that is roiling U.S. companies and government agencies.

The flaw was outlined Friday in an article by Brian Krebs, who said the U.S. National Security Agency pointed to a vulnerability in VMware Access and VMware Identity Manager products, citing unidentified sources. VMware said it has “received no notification or indication” that its products were used “in conjunction with the SolarWinds supply chain compromise.”

“While we have identified limited instances of the vulnerable SolarWinds Orion software in our own internal environment, our own internal investigation has not revealed any indication of exploitation,” Palo Alto, California-based VMware said Friday in a statement.

A vast number of investigations are underway inside federal agencies and private-sector companies to determine the extent of a broad cyber-attack by suspected Russian hackers, one that will likely spill well into the Biden administration before anyone can determine the full extent of the damage.

Shares in VMware, majority owned by Dell Technologies Inc., declined to $140.14 at the close in New York and have dipped 5.9% this year.

©2020 Bloomberg L.P.

BQ Install

Bloomberg Quint

Add BloombergQuint App to Home screen.