• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
vmware patches critical vulnerability in carbon black app control product

VMware Patches Critical Vulnerability in Carbon Black App Control Product

You are here: Home / General Cyber Security News / VMware Patches Critical Vulnerability in Carbon Black App Control Product
February 22, 2023

VMware on Tuesday produced patches to address a critical security vulnerability impacting its Carbon Black App Regulate merchandise.

Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a highest of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x.

The virtualization products and services supplier describes the issue as an injection vulnerability. Security researcher Jari Jääskelä has been credited with finding and reporting the bug.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“A malicious actor with privileged accessibility to the App Manage administration console may well be able to use specifically crafted enter enabling access to the fundamental server running technique,” the firm reported in an advisory.

VMware claimed there are no workarounds that take care of the flaw, necessitating that clients update to versions 8.7.8, 8.8.6, and 8.9.4 to mitigate possible risks.

It is really truly worth pointing out that Jääskelä was also credited with reporting two critical vulnerabilities in the identical products (CVE-2022-22951 and CVE-2022-22952, CVSS scores: 9.1) that were being fixed by VMware in March 2022.

Also preset by the firm is an XML External Entity (XXE) Vulnerability (CVE-2023-20855, CVSS rating: 8.8) impacting vRealize Orchestrator, vRealize Automation, and Cloud Foundation.

“A destructive actor, with non-administrative accessibility to vRealize Orchestrator, may perhaps be in a position to use specifically crafted input to bypass XML parsing limitations top to access to sensitive data or probable escalation of privileges,” VMware said.

It really is not unusual for menace actors to concentrate on Fortinet product or service vulnerabilities in their attacks so it can be crucial that consumers set up the patches as soon as doable.

Observed this post exciting? Abide by us on Twitter  and LinkedIn to browse far more unique material we put up.


Some areas of this short article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News New Privilege Escalation Bug Class Found on macOS and iOS
Next Post: U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog u.s. cybersecurity agency cisa adds three new vulnerabilities in kev»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
  • 6 Steps to 24/7 In-House SOC Success
  • Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
  • 67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
  • New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
  • BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
  • Secure Vibe Coding: The Complete New Guide
  • Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
  • Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
  • Meta Adds Passkey Login Support to Facebook for Android and iOS Users

Copyright © TheCyberSecurity.News, All Rights Reserved.