VMware released security patches to address an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) for Windows.
VMware released security patches for an authentication bypass vulnerability, tracked as CVE-2021-21998, in Carbon Black App Control (AppC) running on Windows machines.
Carbon Black App Control allows to lock down critical systems and servers to prevent unwanted changes and ensure continuous compliance with regulatory mandates.
An attacker could exploit the flaw to gain unauthenticated administrative access to the application.
“An authentication bypass in the VMware Carbon Black App Control management server was privately reported to VMware.” reads the security advisory published by the company. “A malicious actor with network access to the Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.”
The CVE-2021-21998 vulnerability has received a CVSSv3 base score of 9.4.
The company addressed the flaw with the release of Carbon Black App Control (AppC) 8.6.2 and 8.5.8, and a hotfix for the 8.1.x and 8.0.x versions of AppC.
The company informed its customers that there are no workarounds to mitigate this flaw.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, VMWare)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
VMware released security patches to address an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) for Windows.
VMware released security patches for an authentication bypass vulnerability, tracked as CVE-2021-21998, in Carbon Black App Control (AppC) running on Windows machines.
Carbon Black App Control allows to lock down critical systems and servers to prevent unwanted changes and ensure continuous compliance with regulatory mandates.
An attacker could exploit the flaw to gain unauthenticated administrative access to the application.
“An authentication bypass in the VMware Carbon Black App Control management server was privately reported to VMware.” reads the security advisory published by the company. “A malicious actor with network access to the Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.”
The CVE-2021-21998 vulnerability has received a CVSSv3 base score of 9.4.
The company addressed the flaw with the release of Carbon Black App Control (AppC) 8.6.2 and 8.5.8, and a hotfix for the 8.1.x and 8.0.x versions of AppC.
The company informed its customers that there are no workarounds to mitigate this flaw.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, VMWare)