Security News > 2021 > April > VMware fixes authentication bypass in data center security software

VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers.
VMware Carbon Black Cloud Workload is Linux data center security software designed to protect workloads running in virtualized environments.
This security vulnerability impacts VMware Carbon Black Cloud Workload appliance version 1.0.1 and earlier.
VMware evaluated the security bug as critical severity, assigning it a CVSSv3 base score of 9.1/10. The vulnerability was discovered and privately reported to VMware by Positive Technologies web security researcher Egor Dimitrenko.
VMware has also issued mitigation information for admins who can't immediately patch their VMware Carbon Black Cloud Workload appliances.
On Tuesday, VMware patched two other vulnerabilities found by Dimitrenko in the vRealize Operations IT operations management platform.