Thursday, February 23, 2023

VMware Patches Critical Vulnerability in Carbon Black App Control Product


Feb 22, 2023 | Ravie Lakshmanan | Vulnerability / Enterprise Security

VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product.

Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x.

The virtualization services provider describes the issue as an injection vulnerability. Security researcher Jari Jääskelä has been credited with discovering and reporting the bug.

“A malicious actor with privileged access to the App Control administration console could possibly use specially crafted input allowing access to the underlying server operating system,” the company said in an advisory.

VMware said there are no workarounds that resolve the flaw, necessitating that customers update to versions 8.7.8, 8.8.6, and 8.9.4 to mitigate potential risks.

It's worth pointing out that Jääskelä was also credited with reporting two critical vulnerabilities in the same product (CVE-2022-22951 and CVE-2022-22952, CVSS scores: 9.1) that were resolved by VMware in March 2022.

Also fixed by the company is an XML External Entity (XXE) vulnerability (CVE-2023-20855, CVSS score: 8.8) affecting vRealize Orchestrator, vRealize Automation, and Cloud Foundation.

“A malicious actor, with non-administrative access to vRealize Orchestrator, could possibly use specially crafted input to bypass XML parsing restrictions resulting in access to sensitive information or potential escalation of privileges,” VMware said.

It's not uncommon for threat actors to target VMware product vulnerabilities in their attacks, so it's essential that users install the patches as soon as possible.
