CVE-2021-21998
published 2021-06-23CVE-2021-21998: VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | carbon_black_app_control | — | — |
| vmware | carbon_black_app_control | — | — |
| vmware | carbon_black_app_control | >= 8.5 < 8.5.8 | 8.5.8 |
| vmware | carbon_black_app_control | >= 8.6 < 8.6.2 | 8.6.2 |