Security News > 2021 > April > VMware fixes authentication bypass in data center security software
VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers.
VMware Carbon Black Cloud Workload is a Linux data center security software designed to protect workloads running in virtualized environments.
This security vulnerability impacts VMware Carbon Black Cloud Workload appliance version 1.0.1 and earlier.
VMware evaluated the security bug as critical severity, assigning it a CVSSv3 base score of 9.1/10. The vulnerability was discovered and privately reported to VMware by Positive Technologies web security researcher Egor Dimitrenko.
VMware has also issued mitigation information for admins who can't immediately patch their VMware Carbon Black Cloud Workload appliances.
On Tuesday, VMware patched two other vulnerabilities found by Dimitrenko in the vRealize Operations IT operations management platform.
News URL
Related news
- ASUS warns of critical remote authentication bypass on 7 routers (source)
- ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models (source)
- Snowblind malware abuses Android security feature to bypass security (source)
- Docker fixes critical 5-year old authentication bypass flaw (source)