VMware released security patches for an authentication bypass vulnerability, tracked as CVE-2021-21998, in Carbon Black App Control (AppC) running on Windows machines.
Carbon Black App Control allows to lock down critical systems and servers to prevent unwanted changes and ensure continuous compliance with regulatory mandates.
An attacker could exploit the flaw to gain unauthenticated administrative access to the application.
“An authentication bypass in the VMware Carbon Black App Control management server was privately reported to VMware.” reads the security advisory published by the company. “A malicious actor with network access to the Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.”
The CVE-2021-21998 vulnerability has received a CVSSv3 base score of 9.4.
The company addressed the flaw with the release of Carbon Black App Control (AppC) 8.6.2 and 8.5.8, and a hotfix for the 8.1.x and 8.0.x versions of AppC.
The company informed its customers that there are no workarounds to mitigate this flaw.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, VMWare)
[adrotate banner=”5″]
[adrotate banner=”13″]
GreyNoise researchers warn of a new AyySSHush botnet compromised over 9,000 ASUS routers, adding a…
The Czech government condemned China after linking cyber espionage group APT31 to a cyberattack on…
PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and…
Apple blocked over $9B in fraud in 5 years, including $2B in 2024, stopping scams…
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading…
Iranian man pleads guilty to role in Baltimore ransomware attack tied to Robbinhood, admitting to…
This website uses cookies.
