VMware Carbon Black has published an update to resolve a critical authentication bypass vulnerability in the Carbon Black App Control product. App Control is a solution that locks down critical systems and servers to prevent unwanted changes and ensure continuous compliance with regulatory mandates.
This authentication bypass vulnerability is tracked as CVE-2021-21998. VMware Carbon Black App Control versions 8.6.x, 8.5.x, 8.1.x, and 8.0.x are affected by this vulnerability.
With this authentication bypass vulnerability, threat actors who have access to the management server of the App Control application can bypass authentication and gain admin privileges. With these privileges, attackers can seize critical information on the system and deactivate EPP and EDR features on the target systems.
VMware announced that the vulnerability has been resolved in versions 8.6.2 and 8.5.8. It is critical to upgrade affected systems so that they are not exposed to critical attacks.