VMware fixes authentication bypass in data center security software
VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers.
VMware Carbon Black Cloud Workload is Linux data center security software designed to protect workloads running in virtualized environments.
This security vulnerability impacts VMware Carbon Black Cloud Workload appliance version 1.0.1 and earlier.
VMware evaluated the security bug as critical severity, assigning it a CVSSv3 base score of 9.1/10. The vulnerability was discovered and privately reported to VMware by Positive Technologies web security researcher Egor Dimitrenko.
VMware has also issued mitigation information for admins who can't immediately patch their VMware Carbon Black Cloud Workload appliances.
On Tuesday, VMware patched two other vulnerabilities found by Dimitrenko in the vRealize Operations IT operations management platform.