VMware Patches a Critical Vulnerability in Carbon Black App Control
February 23, 2023
VMware Patches a Critical Vulnerability in Carbon Black App Control
Vmware has patched a critical injection vulnerability in VMware Carbon Black App Control.
The Vulnerability:
CVE-2023-20858 (CVSS:3.1 score: 9.1, Critical) – an injection vulnerability that could allow a threat actor with privileged access to the App Control administrative console to utilize specially crafted input to get access to the underlying server operating system.
Affected Products:
- Carbon Black App Control 8.7.x prior to 8.7.8
- Carbon Black App Control 8.8.x prior to 8.8.6
- Carbon Black App Control 8.9.x.prior to 8.9.4
Mitigation:
CYREBRO recommends to all who use affected products to upgrade to versions 8.9.4, 8.8.6 and 8.7.8 or later.
References: VMware Advisory
