CVE-2022-22952

CVE Database · CVE-2022-22952

CVE-2022-22952

· CRITICALModified

CVSS v3.1

9.1

EPSS

1.42%

Published

Mar 23, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-434

Affected Products (5)

vmware · carbon_black_app_control (up to 8.5.14)vulnerable

vmware · carbon_black_app_control (up to 8.6.6)vulnerable

vmware · carbon_black_app_control (up to 8.7.4)vulnerable

vmware · carbon_black_app_control (up to 8.8.2)vulnerable

microsoft · windows

References (2)

https://www.vmware.com/security/advisories/VMSA-2022-0008.html

PatchVendor Advisory

https://www.vmware.com/security/advisories/VMSA-2022-0008.html

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs