• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
vmware issues patches for critical flaws affecting carbon black app

VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control

You are here: Home / General Cyber Security News / VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control
March 24, 2022

VMware on Wednesday introduced program updates to plug two critical security vulnerabilities impacting its Carbon Black Application Handle platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows techniques.

Tracked as CVE-2022-22951 and CVE-2022-22952, both the flaws are rated 9.1 out of a optimum of 10 on the CVSS vulnerability scoring method. Credited with reporting the two issues is security researcher Jari Jääskelä.

Automatic GitHub Backups

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


That explained, effective exploitation of the vulnerabilities banks on the prerequisite that the attacker is now logged in as an administrator or a highly privileged user.

VMware Carbon Black App Regulate is an software let listing remedy which is applied to lock down servers and critical programs, prevent unwanted modifications, and assure constant compliance with regulatory mandates.

CVE-2022-22951 has been explained as a command injection vulnerability that could allow an authenticated, significant privileged actor with network obtain to the VMware App Manage administration interface to “execute commands on the server thanks to improper input validation leading to remote code execution.”

Prevent Data Breaches

CVE-2022-22952, on the other hand, relates to a file add vulnerability that could be weaponized by an adversary with administrative entry to the VMware App Command administration interface to upload a specifically crafted file and reach code execution on the Windows occasion.

The flaws have an effect on Carbon Black Application Handle versions 8.5.x, 8.6.x, 8.7.x, and 8.8.x, and have been remediated in variations 8.5.14, 8.6.6, 8.7.4, and 8.8.2. With unpatched VMware bugs starting to be a valuable attack vector, consumers are proposed to apply the updates to avoid potential exploitation.

Found this short article appealing? Observe THN on Facebook, Twitter  and LinkedIn to read more exclusive written content we publish.


Some parts of this report are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Prison for New Orleanian who Exploited Patients’ Stolen Data
Next Post: Over 200 Malicious NPM Packages Caught Targeting Azure Developers over 200 malicious npm packages caught targeting azure developers»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • WhatsApp Unveils Proxy Support to Tackle Internet Censorship
  • Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
  • Blind Eagle Hacking Group Targets South America With New Tools
  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless

Copyright © TheCyberSecurity.News, All Rights Reserved.