Carbon Black App Control Vulnerability

Impacted Products

This vulnerability affects VMware Carbon Black App Control versions 8.0, 8.1, 8.5, and 8.6.

The VMware Carbon Black App Control management server contains an authentication bypass vulnerability. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.4.

  • Advisory ID:  VMSA-2021-0012
  • CVSSv3 Range:  9.4
  • Issue Date:  2021-06-22
  • CVE(s):  CVE-2021-21998
  • Synopsis:  VMware Carbon Black App Control update addresses authentication bypass (CVE-2021-21998)

Known Attack Vectors

A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.

Further Information

The details of the vulnerability and how to patch it are available in the VMware Security Advisory: https://www.vmware.com/security/advisories/VMSA-2021-0012.html

Please take the time to review the VMSA if you haven’t already.

Due to the nature of this vulnerability, VMware strongly recommends that the applicable patch be applied immediately. Please visit the VMSA for details on the necessary steps to patch this vulnerability.


To remediate CVE-2021-21998, please contact us as soon as possible.

About QMasters

QMasters was founded in 2015 to help Israeli governmental, military, niche security, and municipality offices protect themselves from cyber-attacks. As cyber security threats grow year after year, so does our list of customers. We are a team of 30+ security experts committed to solving security challenges with the right combination of strategies and technologies.
