CVE-2021-21998 affects VMware Carbon Black App Control versions 8.0, 8.1, 8.5, and 8.6.
The VMware Carbon Black App Control management server has an authentication bypass. VMware has evaluated the severity of this issue to be in the critical severity range with a maximum CVSSv3 base score of 9.4.
Known Attack Vectors
A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.
The details of the vulnerability and how to patch it are available in the following VMware Security Advisory: https://www.vmware.com/security/advisories/VMSA-2021-0012.html
Please take the time to review the VMSA if you haven’t already.
Due to the nature of this vulnerability, VMware strongly recommends that the applicable patch be applied immediately. Please visit the VMSA for details on the necessary steps to patch this vulnerability.
To remediate CVE-2021-21998, please contact us as soon as possible.