CVE-2021-21998

CVE Database · CVE-2021-21998

CVE-2021-21998

· CRITICALModified

CVSS v3.1

9.8

EPSS

10.62%

Published

Jun 23, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-287

Affected Products (4)

vmware · carbon_black_app_control (up to 8.5.8)vulnerable

vmware · carbon_black_app_control (up to 8.6.2)vulnerable

vmware · carbon_black_app_controlvulnerable

References (2)

https://www.vmware.com/security/advisories/VMSA-2021-0012.html?

PatchVendor Advisory

https://www.vmware.com/security/advisories/VMSA-2021-0012.html?

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs