VMware repairs authentication bypass in Carbon Black App Control
VMware Carbon Black App Control has been updated this week to fix a critical-severity vulnerability which allows access to the server without authentication.
Carbon Black App Control is designed for corporate environments, to harden the security of systems both old and new, and protect them against unauthorized modifications, such as those generated by malware or zero-day exploits.
Tracked as CVE-2021-21998, the vulnerability is an authentication bypass affecting VMware Carbon Black App Control (AppC) versions 8.0, 8.1, 8.5 before 8.5.8, and 8.6 before 8.6.2.
Threat actors with access to the AppC management server could exploit the bug to gain administrative privileges without the need to authenticate, informs the security advisory from VMware. Given the role of the product in a corporate network, taking control of the AppC management server paves the way to compromising critical systems.
Depending on the environment, an attacker could leverage the vulnerability to target anything from point-of-sales (PoS) to industrial control systems. The severity score for the vulnerability has been calculated to 9.4, making it a critical issue that users and administrators should prioritize.
There are no workarounds available, and fixing the issue is possible by installing the hotfix available for AppC 8.1.x and 8.0.x, or updating to version 8.6.2 or 8.5.8 of the product.
VMware also patched a local privilege escalation bug affecting VMware Tools for Windows, VMware Remote Console for Windows (VMRC for Windows), and VMware App Volumes. The flaw is identified as CVE-2021-21999. It does not currently have a severity score from the National Institute of Standards and Technology (NIST) but VMware evaluated it at 7.8 (high severity).
Virescent Infrastructure collaborates with IBM and SAP to start its hybrid cloud journey
IBM announced that Virescent Infrastructure, a renewable energy platform backed by leading...
Aeris Communications announces Enterprise Voice Solution - Claerityai
Aeris Communications has launched the Enterprise Voice Solution – Claerityai –...
Zoom is coming with Innovations to Ignite the Next Era of Communications
Zoom has kicked off Zoomtopia 2021, unveiling plans for innovations across its platform de...
Trescon's World Cloud Show Comes Back to India for the 3rd Time with its 10th Global Edition
Taking place on 15 September 2021, the event will virtually convene India' leading Clo...
VIA unveils VIA Mobile360 Heavy Equipment Safety System at MINEXPO® 2021
VIA Technologies, Inc. today announced that it will unveil its new VIA Mobile360 Heavy Equ...
19th Infotech Forum highlights that the pandemic fast-tracked Digital Transformation escalating importance of data and security
Digital technology has transformed nearly every aspect of life, starting from travel, work...