VMware Releases Patches for Critical Security Vulnerabilities in Carbon Black App Control and vRealize Products

On Tuesday, VMware announced the release of security patches to address critical vulnerabilities in its Carbon Black App Control and vRealize product lines. The company described the Carbon Black App Control vulnerability, tracked as CVE-2023-20858, as an injection vulnerability that carries a CVSS score of 9.1 out of 10. The flaw affects versions 8.7.x, 8.8.x, and 8.9.x of the product.

According to the security advisory, a malicious actor with privileged access to the App Control administration console could use specially crafted input to gain access to the underlying server operating system. VMware credited security researcher Jari Jääskelä for discovering and reporting the flaw.

The company stated that there are no workarounds to resolve the vulnerability and that customers must update to versions 8.7.8, 8.8.6, or 8.9.4 to mitigate potential risks. It's worth noting that Jääskelä was also credited with discovering and reporting two other critical vulnerabilities (CVE-2022-22951 and CVE-2022-22952, CVSS scores: 9.1) in the same product that VMware resolved in March 2022.
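Because there is no workaround for CVE-2023-20858, the only useful question for an inventory is whether each App Control console is on a fixed build. The following triage helper is an added example, not VMware's code: it encodes the affected branches (8.7.x, 8.8.x, 8.9.x) and fixed builds (8.7.8, 8.8.6, 8.9.4) from the advisory, compares versions numerically rather than as strings (so "8.9.10" sorts after "8.9.4"), and reports anything outside the listed branches as "check the advisory" instead of silently calling it safe. The host list at the bottom is constructed sample data.

```python
"""Added example: triage VMware Carbon Black App Control versions against the
CVE-2023-20858 advisory.  Not VMware's code; the fixed builds are the ones the
advisory names (8.7.8, 8.8.6, 8.9.4), the host inventory is constructed."""
import re

# Fixed build per affected branch, from the advisory.
FIXED_BUILDS = {
    (8, 7): (8, 7, 8),
    (8, 8): (8, 8, 6),
    (8, 9): (8, 9, 4),
}


def parse_version(version):
    """Turn '8.9.4' (or '8.9.4-build123') into a tuple of ints for comparison."""
    match = re.match(r"^\s*(\d+(?:\.\d+)*)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def app_control_status(version):
    """Return 'patched', 'vulnerable', or 'unlisted' for an App Control version.

    'unlisted' means the major.minor branch is not one the advisory names as
    affected, so the caller must consult the advisory rather than assume safety.
    """
    parsed = parse_version(version)
    branch = parsed[:2]
    if branch not in FIXED_BUILDS:
        return "unlisted"
    # Pad short versions (e.g. '8.9') so the tuple comparison is well defined.
    padded = parsed + (0,) * (3 - len(parsed)) if len(parsed) < 3 else parsed
    return "patched" if padded >= FIXED_BUILDS[branch] else "vulnerable"


def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: app_control_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "appctl-01": "8.7.8",
        "appctl-02": "8.8.5",
        "appctl-03": "8.9.10-build42",
        "appctl-04": "8.6.2",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```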

VMware also addressed an XML External Entity (XXE) vulnerability (CVE-2023-20855, CVSS score: 8.8) affecting vRealize Orchestrator, vRealize Automation, and Cloud Foundation. The company explained that a threat actor with non-administrative access to vRealize Orchestrator could use specially crafted input to bypass XML parsing restrictions, leading to access to sensitive information or possible privilege escalation.
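To make the XXE mechanism concrete, the following added example (generic illustration, not VMware's code and not the CVE-2023-20855 payload, whose specifics the advisory does not disclose) parses the same crafted document twice with Python's SAX parser. With external general entities enabled, the `SYSTEM` entity pulls a local file into the document text and the contents come back to the caller; with the feature left at its secure default, the reference resolves to nothing. The "secret" file and the payload are constructed for the demonstration.

```python
"""Added example: an XML External Entity (XXE) payload against a permissive
parser and against a hardened one.  Generic illustration, not VMware's code
and not the CVE-2023-20855 payload.  The secret file is constructed here."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Accumulates the character data the parser reports inside elements."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def xxe_payload(path):
    """Constructed XXE document: an external entity pointing at a local file."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE data [\n"
        f'  <!ENTITY xxe SYSTEM "{path}">\n'
        "]>\n"
        "<data>&xxe;</data>"
    ).encode()


def parse_untrusted_xml(payload, allow_external_entities):
    """Parse bytes and return the text content.

    allow_external_entities=True is the weak configuration: the parser follows
    SYSTEM entity references and inlines whatever they point at.  False (the
    secure default in current Python) makes such references expand to nothing.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, allow_external_entities)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(payload))
    return "".join(collector.parts)


def demo():
    """Run the payload through both parser configurations.

    Returns (text from the permissive parser, text from the hardened parser).
    """
    with tempfile.TemporaryDirectory() as workdir:
        secret_path = os.path.join(workdir, "db.properties")
        with open(secret_path, "w") as fh:
            fh.write("db.password=hunter2")  # constructed sample secret
        payload = xxe_payload(secret_path)
        leaked = parse_untrusted_xml(payload, allow_external_entities=True)
        blocked = parse_untrusted_xml(payload, allow_external_entities=False)
        return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("permissive parser returned:", repr(leaked))
    print("hardened parser returned:  ", repr(blocked))
```

The same idea applies to any parser: the fix for this bug class is to disable DTD processing or external entity resolution in the XML library (and to reject `DOCTYPE` in untrusted input outright where the application never needs it), not to filter the input for the string `ENTITY`.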

VMware urged customers to install the patches as soon as possible. Threat actors routinely target vulnerabilities in VMware products, and since no workaround exists for the App Control flaw, updating to a fixed release is the only way to close it.


Support Hacker's Haven by becoming a sponsor. Any amount is appreciated!