Security News > 2021 > June > Critical VMware Carbon Black Bug Allows Authentication Bypass

Critical VMware Carbon Black Bug Allows Authentication Bypass
2021-06-24 15:31

VMware has fixed an uber-severe bug in its Carbon Black App Control management server: A server whose job is to lock down critical systems and servers so they don't get changed willy-nilly.

Besides the authentication-bypass fix, VMware also published a security advisory for a high-risk bug in VMware Tools, VMware Remote Console for Windows, and VMware App Volumes products.

VMware's advisory lists the affected products as VMware Tools for Windows, VMware Remote Console for Windows , and VMware App Volumes.

The security hole in AppC is only the latest critical problem that VMware has addressed.

More recently, in April, another critical cloud bug, again in VMWare Carbon Black, would have allowed takeover.

It would enable privilege escalation and the ability to take over the administrative rights for the VMware Carbon Black Cloud Workload appliance.


News URL

https://threatpost.com/vmware-carbon-black-authentication-bypass/167226/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 186 85 404 200 101 790