Security News > 2021 > April > VMware Patches Critical Flaw in Carbon Black Cloud Workload

VMware Patches Critical Flaw in Carbon Black Cloud Workload
2021-04-05 15:51

A critical vulnerability recently addressed in the VMware Carbon Black Cloud Workload could be abused to execute code on a vulnerable server, according to a warning from a security researcher who discovered the bug.

"A malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance may be able to obtain a valid authentication token, granting access to the administration API of the appliance," VMware notes in an advisory.

VMware's Carbon Black Cloud Workload is used by organizations to protect workloads on virtualized environments, offering tools for vulnerability assessment, antivirus, and threat hunting.

The researcher explains that typically the attacker should not be able to access the admin interface of VMware Carbon Black Cloud Workload from the Internet, but also points out that misconfigurations could lead to improper exposure.

Last week, VMware released version 1.0.2 of VMware Carbon Black Cloud Workload appliance, to address this vulnerability, and encourages customers to apply the update to remain protected.

Last week, VMware also released patches for a couple of vulnerabilities in vRealize Operations, which could allow attackers to write files to arbitrary locations on the underlying platform.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/Df_U-q-xIdk/vmware-patches-critical-flaw-carbon-black-cloud-workload

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 186 85 404 200 101 790