Critical VMware Carbon Black Bug Allows Authentication Bypass (June 2021)
VMware has fixed an uber-severe bug in its Carbon Black App Control management server: a server whose job is to lock down critical systems and servers so they don't get changed willy-nilly.
Besides the authentication-bypass fix, VMware also published a security advisory for a high-risk bug in VMware Tools, VMware Remote Console for Windows, and VMware App Volumes products.
VMware's advisory lists the affected products as VMware Tools for Windows, VMware Remote Console for Windows, and VMware App Volumes.
The security hole in AppC is only the latest critical problem that VMware has addressed.
More recently, in April, another critical cloud bug, again in VMware Carbon Black, would have allowed takeover.
It would enable privilege escalation and the ability to take over the administrative rights for the VMware Carbon Black Cloud Workload appliance.
News URL
https://threatpost.com/vmware-carbon-black-authentication-bypass/167226/
Related news
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
- VMware fixes bad patch for critical vCenter Server RCE flaw
- VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
- Critical RCE bug in VMware vCenter Server now exploited in attacks
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble