Security News > 2021 > April > Critical Cloud Bug in VMWare Carbon Black Allows Takeover
A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution.
The VMware Carbon Black Cloud Workload platform is designed to provide cybersecurity defense for virtual servers and workloads that are hosted on the VMware's vSphere platform.
"A URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication," the company noted.
Companies are urged to update to the latest version, version 1.0.2, of the VMware Carbon Black Cloud Workload appliance, which contains a fix.
The security hole is only the latest critical problem that VMware has addressed.
In February for instance, VMware patched three vulnerabilities in its virtual-machine infrastructure for data centers, including a remote code execution flaw in its vCenter Server management platform.
News URL
https://threatpost.com/critical-cloud-bug-vmware-carbon-black/165278/
Related news
- Critical flaw in NVIDIA Container Toolkit allows full host takeover (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time (source)
- AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks (source)
- AWS Cloud Development Kit flaw exposed accounts to full takeover (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)