VMware Patches a Critical Vulnerability in Carbon Black App Control

February 23, 2023

VMware has patched a critical injection vulnerability in VMware Carbon Black App Control.

The Vulnerability:

CVE-2023-20858 (CVSS 3.1 score: 9.1, Critical) – an injection vulnerability that could allow a threat actor with privileged access to the App Control administrative console to use specially crafted input to gain access to the underlying server operating system.

Affected Products:

  • Carbon Black App Control 8.7.x prior to 8.7.8
  • Carbon Black App Control 8.8.x prior to 8.8.6
  • Carbon Black App Control 8.9.x prior to 8.9.4

Mitigation:

CYREBRO recommends that all users of affected products upgrade to versions 8.9.4, 8.8.6 and 8.7.8 or later.
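To triage an inventory of App Control servers against the version ranges listed above, the following added example (not VMware's or CYREBRO's code) compares each reported version with the fixed release for its branch. The `host,version` inventory format, the hostnames and the sample versions are assumptions constructed for illustration, as is ignoring a fourth build field.

```python
import re

# Fixed releases per branch, taken from the "Affected Products" list above.
FIXED = {(8, 7): (8, 7, 8), (8, 8): (8, 8, 6), (8, 9): (8, 9, 4)}


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    return tuple(int(p) for p in text.split("."))


def triage(version_text):
    """Classify one App Control server version against CVE-2023-20858."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    # Pad "8.9" to 8.9.0 (conservative) and ignore a 4th build field (assumption).
    v3 = (v + (0, 0))[:3]
    fixed = FIXED.get(v3[:2])
    if fixed is None:
        return "branch-not-listed"  # the advisory text says nothing about this branch
    # Tuple comparison is numeric, so 8.7.10 would sort after 8.7.8, unlike strings.
    return "vulnerable" if v3 < fixed else "patched"


def triage_inventory(lines):
    """Map 'host,version' lines to {host: status}; blank and # lines are skipped."""
    result = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        result[host.strip()] = triage(version)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """\
appctl-01,8.7.6
appctl-02,8.8.6
appctl-03,8.9.3.1012
appctl-04,8.10.0
appctl-05,8.9.x
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE.splitlines()).items():
        print(f"{host}: {status}")
```

Hosts reported as `branch-not-listed` or `unparseable` need a manual check against the VMware advisory rather than being assumed safe.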

References: VMware Advisory
