Security News > 2021 > June > Critical VMware Carbon Black Bug Allows Authentication Bypass
VMware has fixed an uber-severe bug in its Carbon Black App Control management server: a server whose job is to lock down critical systems and servers so they don't get changed willy-nilly.
Besides the authentication-bypass fix, VMware also published a security advisory for a high-risk bug in VMware Tools, VMware Remote Console for Windows, and VMware App Volumes products.
VMware's advisory lists the affected products as VMware Tools for Windows, VMware Remote Console for Windows, and VMware App Volumes.
The security hole in App Control (AppC) is only the latest critical problem that VMware has addressed.
More recently, in April, another critical cloud bug, again in VMware Carbon Black, would have allowed takeover.
That bug would enable privilege escalation and the ability to take over the administrative rights for the VMware Carbon Black Cloud Workload appliance.
News URL
https://threatpost.com/vmware-carbon-black-authentication-bypass/167226/
Related news
- Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products
- VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk
- Exploit available for new critical TeamCity auth bypass bug, patch now
- VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation
- QNAP warns of critical auth bypass flaw in its NAS devices