VMware Carbon Black App Control was recently updated to fix a critical vulnerability that allows access to servers without authorization.
The vulnerability, identified as CVE-2021-21998, is an authentication bypass that affects VMware Carbon Black App Control versions 8.0, 8.1, 8.5 before 8.5.8, and 8.6 before 8.6.2 gives vulnerable parties access to the VMware Carbon Black App Control Management Server.
This allows them to exploit the bug to gain administrative privileges without having to authenticate and inform VMware’s security advisor.
For more information, read the original story in Bleeping Computer.