Description

VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings.

Related CPE's

a

vmware

carbon_black_cloud_workload

Vulnerable

o

linux

linux_kernel

-

References

https://www.vmware.com/security/advisories/VMSA-2021-0005.html

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-287

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.1 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-01T19:15:13.560

4 years ago

Last modified

2021-04-06T16:29:30.443

4 years ago