Security News > 2021 > June > Critical VMware Carbon Black Bug Allows Authentication Bypass
VMware has fixed an uber-severe bug in its Carbon Black App Control management server: A server whose job is to lock down critical systems and servers so they don't get changed willy-nilly.
Besides the authentication-bypass fix, VMware also published a security advisory for a high-risk bug in VMware Tools, VMware Remote Console for Windows, and VMware App Volumes products.
VMware's advisory lists the affected products as VMware Tools for Windows, VMware Remote Console for Windows , and VMware App Volumes.
The security hole in AppC is only the latest critical problem that VMware has addressed.
More recently, in April, another critical cloud bug, again in VMWare Carbon Black, would have allowed takeover.
It would enable privilege escalation and the ability to take over the administrative rights for the VMware Carbon Black Cloud Workload appliance.
News URL
https://threatpost.com/vmware-carbon-black-authentication-bypass/167226/