CVE-2023-20858

Name of the Vulnerable Software and Affected Versions VMware Carbon Black App Control versions 8.7.x through 8.7.7 VMware Carbon Black App Control versions 8.8.x through 8.8.5 VMware Carbon Black App Control versions 8.9.x prior to 8.9.4

Description The issue is related to an injection vulnerability in the administration console of VMware Carbon Black App Control. A malicious actor with privileged access may be able to use specially crafted input to access the underlying server operating system. This could potentially allow the execution of arbitrary code.

Recommendations For versions 8.7.x through 8.7.7, update to version 8.7.8 or later. For versions 8.8.x through 8.8.5, update to version 8.8.6 or later. For versions 8.9.x prior to 8.9.4, update to version 8.9.4 or later. As a temporary workaround, consider restricting access to the administration console to minimize the risk of exploitation.