Carbon Black App Control Vulnerability

Impacted Products

This vulnerability affects VMware Carbon Black App Control versions 8.0, 8.1, 8.5, and 8.6.

The VMware Carbon Black App Control management server contains an authentication bypass vulnerability. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.4.

  • Advisory ID:  VMSA-2021-0012
  • CVSSv3 Range:  9.4
  • Issue Date:  2021-06-22
  • CVE(s):  CVE-2021-21998
  • Synopsis:  VMware Carbon Black App Control update addresses authentication bypass (CVE-2021-21998)

Known Attack Vectors

A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.

Further Information

The details of the vulnerability and how to patch it are available in VMware Security Advisory VMSA-2021-0012.

Please take the time to review the VMSA if you haven’t already.

Due to the nature of this vulnerability, VMware strongly recommends that the applicable patch be applied immediately. Please visit the VMSA for details on the necessary steps to patch this vulnerability.


To remediate CVE-2021-21998, please contact us as soon as possible.

About QMasters

QMasters was founded in 2015 to help Israeli governmental, military, niche security, and municipality offices protect themselves from cyber-attacks. As the cyber security threats grow year after year, so does our list of customers. We are a team of 30+ security experts committed to solving security challenges with the right combination of strategies and technologies.
