PT-2022-1902 · VMware · VMware Carbon Black App Control
Jari Jääskelä +1
Published: 2022-01-10 · Updated: 2022-03-31 · CVE-2022-22952
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VMware Carbon Black App Control versions 8.5.x prior to 8.5.14
VMware Carbon Black App Control versions 8.6.x prior to 8.6.6
VMware Carbon Black App Control versions 8.7.x prior to 8.7.4
VMware Carbon Black App Control versions 8.8.x prior to 8.8.2
Description
The issue is a file upload vulnerability in the administration interface of VMware Carbon Black App Control. A malicious actor with administrative access to the interface can exploit it by uploading a specially crafted file, which allows them to execute arbitrary code on the Windows instance where AppC Server is installed.
Recommendations
For versions 8.5.x prior to 8.5.14, update to version 8.5.14 or later.
For versions 8.6.x prior to 8.6.6, update to version 8.6.6 or later.
For versions 8.7.x prior to 8.7.4, update to version 8.7.4 or later.
For versions 8.8.x prior to 8.8.2, update to version 8.8.2 or later.
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
VMware Carbon Black App Control