Description

VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings.

Related CPE's

a

vmware

carbon_black_cloud_workload

Vulnerable

o

linux

linux_kernel

-

References

https://www.vmware.com/security/advisories/VMSA-2021-0005.html

PatchVendor Advisory

https://www.vmware.com/security/advisories/VMSA-2021-0005.html

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-287

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.1 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-01T17:15:13.560Z

4 years ago

Last modified

2024-11-21T04:49:22.057Z

1 year ago