CVE-2023-20858
published 2023-02-22CVE-2023-20858: VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | carbon_black_app_control | >= 8.7.0 < 8.7.8 | 8.7.8 |
| vmware | carbon_black_app_control | >= 8.8.0 < 8.8.6 | 8.8.6 |
| vmware | carbon_black_app_control | >= 8.9.0 < 8.9.4 | 8.9.4 |