Critical Vulnerability Update — VMware Carbon Black Cloud Workload Appliance

A security update is available to remediate a critical vulnerability in the VMware Carbon Black Cloud Workload appliance.

CVE-2021-21982 — Bypass Authentication

Description

A URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication.

A malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance may be able to obtain a valid authentication token, granting access to the administration API of the appliance.

Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings.

Vulnerable Products

VMware Carbon Black Cloud Workload appliance version 1.0.1 and prior

Security Recommendation

VMware has evaluated the severity of this issue to be in the CRITICAL severity range with a maximum CVSSv3 base score of 9.1.

Update to the latest version, 1.0.2, of the VMware Carbon Black Cloud Workload appliance.

In addition, VMware recommends that users limit access to the local administrative interface of the appliance to only those that need it.

https://docs.vmware.com/en/VMware-Carbon-Black-Cloud-Workload/1.0/rn/cbc-workload-102-release-notes.html

April 7th, 2021 | Security Update, Software Issues

About the Author:

FirstHackersNews - Identifies Security
