VMware Patches Critical Flaw in Carbon Black Cloud Workload
A critical vulnerability recently addressed in the VMware Carbon Black Cloud Workload could be abused to execute code on a vulnerable server, according to a warning from a security researcher who discovered the bug.
"A malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance may be able to obtain a valid authentication token, granting access to the administration API of the appliance," VMware notes in an advisory.
VMware's Carbon Black Cloud Workload is used by organizations to protect workloads on virtualized environments, offering tools for vulnerability assessment, antivirus, and threat hunting.
The researcher explains that an attacker should typically not be able to reach the admin interface of VMware Carbon Black Cloud Workload from the Internet, but also points out that misconfigurations could lead to improper exposure.
Last week, VMware released version 1.0.2 of the VMware Carbon Black Cloud Workload appliance to address this vulnerability, and it encourages customers to apply the update to remain protected.
Last week, VMware also released patches for a couple of vulnerabilities in vRealize Operations, which could allow attackers to write files to arbitrary locations on the underlying platform.