VMware Patches Critical Vulnerability in Carbon Black App Control Product

VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product.

Tracked as CVE-2023-20858, the flaw carries a CVSS score of 9.1 out of a maximum of 10 and affects App Control versions 8.7.x, 8.8.x, and 8.9.x.

The virtualization services provider describes the issue as an injection vulnerability. Security researcher Jari Jääskelä has been credited with discovering and reporting the bug.

“A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system,” the company said in an advisory.

VMware noted that there are no workarounds that address the flaw, so customers need to update to versions 8.7.8, 8.8.6, and 8.9.4 to mitigate potential risks.

It's worth pointing out that Jääskelä was also credited with reporting two critical vulnerabilities in the same product (CVE-2022-22951 and CVE-2022-22952, CVSS scores: 9.1) that were resolved by VMware in March 2022.

Also fixed by the company is an XML External Entity (XXE) vulnerability (CVE-2023-20855, CVSS score: 8.8) affecting vRealize Orchestrator, vRealize Automation, and Cloud Foundation.

“A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges,” VMware said.

It's not unusual for threat actors to target Fortinet product vulnerabilities in their attacks, so it's essential that users install the patches as soon as possible.

Some parts of this article are sourced from:
thehackernews.com