Jjaaskela

**Name of the Vulnerable Software and Affected Versions** VMware Carbon Black App Control versions 8.7.x through 8.7.7 VMware Carbon Black App Control versions 8.8.x through 8.8.5 VMware Carbon Black App Control versions 8.9.x prior to 8.9.4 **Description** The issue is related to an injection vulnerability in the administration console of VMware Carbon Black App Control. A malicious actor with privileged access may be able to use specially crafted input to access the underlying server operating system. This could potentially allow the execution of arbitrary code. **Recommendations** For versions 8.7.x through 8.7.7, update to version 8.7.8 or later. For versions 8.8.x through 8.8.5, update to version 8.8.6 or later. For versions 8.9.x prior to 8.9.4, update to version 8.9.4 or later. As a temporary workaround, consider restricting access to the administration console to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VMware vCloud Director (affected versions not specified) **Description** The issue is related to insufficient input validation in the VMware vCloud Director platform, which can be exploited by a remote attacker to execute arbitrary code. An authenticated, high-privileged malicious actor with network access to the VMware Cloud Director tenant or provider may exploit this vulnerability to gain access to the server. This can potentially allow attackers to gain access to sensitive data and take over private clouds within an entire infrastructure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Carbon Black App Control versions 8.5.x prior to 8.5.14 VMware Carbon Black App Control versions 8.6.x prior to 8.6.6 VMware Carbon Black App Control versions 8.7.x prior to 8.7.4 VMware Carbon Black App Control versions 8.8.x prior to 8.8.2 **Description** The issue exists due to improper input validation in the administration interface of VMware Carbon Black App Control, allowing an authenticated, high-privileged malicious actor with network access to execute commands on the server. This can lead to remote code execution. **Recommendations** For versions 8.5.x prior to 8.5.14, update to version 8.5.14 or later. For versions 8.6.x prior to 8.6.6, update to version 8.6.6 or later. For versions 8.7.x prior to 8.7.4, update to version 8.7.4 or later. For versions 8.8.x prior to 8.8.2, update to version 8.8.2 or later.

**Name of the Vulnerable Software and Affected Versions** VMware Carbon Black App Control versions 8.5.x prior to 8.5.14 VMware Carbon Black App Control versions 8.6.x prior to 8.6.6 VMware Carbon Black App Control versions 8.7.x prior to 8.7.4 VMware Carbon Black App Control versions 8.8.x prior to 8.8.2 **Description** The issue is related to a file upload vulnerability in the administration interface of VMware Carbon Black App Control. This vulnerability can be exploited by a malicious actor with administrative access to the interface, allowing them to execute arbitrary code on the Windows instance where AppC Server is installed by uploading a specially crafted file. **Recommendations** For versions 8.5.x prior to 8.5.14, update to version 8.5.14 or later. For versions 8.6.x prior to 8.6.6, update to version 8.6.6 or later. For versions 8.7.x prior to 8.7.4, update to version 8.7.4 or later. For versions 8.8.x prior to 8.8.2, update to version 8.8.2 or later.