VMware Patches Critical Vulnerability in Carbon Black App Control Product

vmware

VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product.

Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x.

The virtualization services provider describes the issue as an injection vulnerability. Security researcher Jari Jääskelä has been credited with discovering and reporting the bug.

“A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system,” the company said in an advisory.

VMware said there are no workarounds that resolve the flaw, necessitating that customers update to versions 8.7.8, 8.8.6, and 8.9.4 to mitigate potential risks.

It’s worth pointing out that Jääskelä was also credited with reporting two critical vulnerabilities in the same product (CVE-2022-22951 and CVE-2022-22952, CVSS scores: 9.1) that were resolved by VMware in March 2022.

Also fixed by the company is an XML External Entity (XXE) Vulnerability (CVE-2023-20855, CVSS score: 8.8) affecting vRealize Orchestrator, vRealize Automation, and Cloud Foundation.

“A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges,” VMware said.

It’s not uncommon for threat actors to target Fortinet product vulnerabilities in their attacks so it’s crucial that users install the patches as soon as possible.



Original Source


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

Digital Patreon Wordmark FieryCoralv2

To keep up to date follow us on the below channels.

join
Click Above for Telegram
discord
Click Above for Discord
reddit
Click Above for Reddit
hd linkedin
Click Above For LinkedIn