Critical VMware Carbon Black Bug Allows Authentication Bypass (June 2021)

VMware has fixed an uber-severe bug in its Carbon Black App Control management server, a server whose job is to lock down critical systems and servers so they don't get changed willy-nilly.
Besides the authentication-bypass fix, VMware also published a security advisory for a high-risk bug in VMware Tools, VMware Remote Console for Windows, and VMware App Volumes products.
VMware's advisory lists the affected products as VMware Tools for Windows, VMware Remote Console for Windows, and VMware App Volumes.
The security hole in AppC is only the latest critical problem that VMware has addressed.
More recently, in April, another critical cloud bug, again in VMware Carbon Black, would have allowed takeover.
It would enable privilege escalation and the ability to take over the administrative rights for the VMware Carbon Black Cloud Workload appliance.
News URL
https://threatpost.com/vmware-carbon-black-authentication-bypass/167226/