PT-2021-2560 · VMware · VMware Carbon Black Cloud Workload Appliance

Author: Egor Dimitrenko
Published: 2021-04-01
Updated: 2021-04-12
Identifier: CVE-2021-21982
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: VMware Carbon Black Cloud Workload appliance versions 1.0.0 through 1.0.1
Description: The issue is an authentication bypass vulnerability in the administrative interface of the VMware Carbon Black Cloud Workload appliance. A malicious actor with network access to the interface may obtain a valid authentication token and thereby view and alter administrative configuration settings. The vulnerability stems from deficiencies in the authentication procedure.
Recommendations: For versions 1.0.0 and 1.0.1, update to a version newer than 1.0.1 to resolve the issue. As a temporary workaround, restrict network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to minimize the risk of exploitation.

Status: Fix

Weakness Enumeration: Improper Authentication


Related Identifiers: BDU:2021-01986, CVE-2021-21982

Affected Products: VMware Carbon Black Cloud Workload Appliance