
Critical Cloud Bug in VMware Carbon Black Allows Takeover

Posted on April 7, 2021
by l33tdawg
Credit: Threat Post

A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and takeover of the administrative rights for the solution.

The bug (CVE-2021-21982) ranks 9.1 out of 10 on the CVSS vulnerability-severity scale.

The VMware Carbon Black Cloud Workload platform is designed to provide cybersecurity defense for virtual servers and workloads hosted on VMware’s vSphere platform. vSphere is VMware’s cloud-computing virtualization platform.

The issue in the appliance stems from incorrect URL handling, according to VMware’s advisory issued last week. “A URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication,” the company noted. “An adversary who has already gained network access to the administrative interface of the appliance may be able to obtain a valid authentication token.”
