Security News > 2021 > April > Critical Cloud Bug in VMWare Carbon Black Allows Takeover
A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution.
The VMware Carbon Black Cloud Workload platform is designed to provide cybersecurity defense for virtual servers and workloads that are hosted on the VMware's vSphere platform.
"A URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication," the company noted.
Companies are urged to update to the latest version, version 1.0.2, of the VMware Carbon Black Cloud Workload appliance, which contains a fix.
The security hole is only the latest critical problem that VMware has addressed.
In February for instance, VMware patched three vulnerabilities in its virtual-machine infrastructure for data centers, including a remote code execution flaw in its vCenter Server management platform.
News URL
https://threatpost.com/critical-cloud-bug-vmware-carbon-black/165278/