PT-2022-1901 · Vmware · Vmware Carbon Black App Control
Jari Jääskelä
+1
·
Published
2022-01-10
·
Updated
2022-03-29
·
CVE-2022-22951
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
VMware Carbon Black App Control versions 8.5.x prior to 8.5.14
VMware Carbon Black App Control versions 8.6.x prior to 8.6.6
VMware Carbon Black App Control versions 8.7.x prior to 8.7.4
VMware Carbon Black App Control versions 8.8.x prior to 8.8.2
Description
The issue exists due to improper input validation in the administration interface of VMware Carbon Black App Control, allowing an authenticated, high-privileged malicious actor with network access to execute commands on the server. This can lead to remote code execution.
Recommendations
For versions 8.5.x prior to 8.5.14, update to version 8.5.14 or later.
For versions 8.6.x prior to 8.6.6, update to version 8.6.6 or later.
For versions 8.7.x prior to 8.7.4, update to version 8.7.4 or later.
For versions 8.8.x prior to 8.8.2, update to version 8.8.2 or later.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vmware Carbon Black App Control