
VMware Carbon Black App Control Updates Address Critical Injection Vulnerability

Today, VMware released updates to address an injection vulnerability (CVE-2023-20858) affecting its popular product, VMware Carbon Black App Control. The vulnerability has a maximum CVSSv3 base score of 9.1, which places it in the Critical severity range.

The issue can be exploited by a user with privileged access to the App Control administration console, who may be able to use specially crafted input to gain access to the underlying server operating system.

As such, VMware recommends updating App Control as soon as possible in order to remediate CVE-2023-20858. Currently, affected versions include 8.7.x, 8.8.x, and 8.9.x; the corresponding update for each can be found in the ‘Fixed Version’ column of the ‘Response Matrix.’ No workarounds are available for this vulnerability at this time. The issue was privately reported by Jari Jääskelä (@JJaaskela).

Although the vulnerability falls in the Critical severity range with a maximum CVSSv3 base score of 9.1, rest assured that deploying the necessary updates should protect you from exploitation. That assurance comes with a warning, though!

Cyber security is fast becoming one of the most pressing issues worldwide, and no matter how vigilant your system’s defenses are, they pay off even more when coupled with self-awareness when using products or services online or near any connected device! So, make sure you keep up your vigilance even after successfully installing these updates for VMware Carbon Black App Control!

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| App Control | 8.9.x | Windows | CVE-2023-20858 | 9.1 | Critical | | None | None |
| App Control | 8.8.x | Windows | CVE-2023-20858 | 9.1 | Critical | | None | None |
| App Control | 8.7.x | Windows | CVE-2023-20858 | 9.1 | Critical | | None | None |