VMware Releases Security Updates for Carbon Black Cloud Workload appliance

Threat ID:: CC-3811
Threat Severity:: Information only
Published:: 6 April 2021 2:11 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

VMware Carbon Black Cloud Workload appliance: Versions 1.0.1 and earlier

Threat details

Introduction

VMware has released an update to address a critical vulnerability in VMware Carbon Black Cloud Workload appliance. An attacker could exploit this vulnerability to bypass authentication and take control of an affected system.

Remediation advice

Organisations are encouraged to review VMware security advisory VMSA-2021-0005 and apply any necessary updates. More information about this patch can be found at VMware Carbon Black Cloud Workload 1.0.2 Release Notes.

CVE Vulnerabilities

Status Published

CVE-2021-21982

VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings.

Last edited: 6 April 2021 2:15 pm