Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

VMware releases patches for critical flaw in Carbon Black App Control

VMware released security patches to address an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) for Windows. VMware released security patches for an authentication bypass vulnerability, tracked as CVE-2021-21998, in Carbon Black App Control (AppC) running on Windows machines. Carbon Black App Control allows to lock down critical systems and servers to prevent […]

VMware Fusion Pwn2Own Berlin 2025

VMware released security patches to address an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) for Windows.

VMware released security patches for an authentication bypass vulnerability, tracked as CVE-2021-21998, in Carbon Black App Control (AppC) running on Windows machines.

Carbon Black App Control allows to lock down critical systems and servers to prevent unwanted changes and ensure continuous compliance with regulatory mandates.

An attacker could exploit the flaw to gain unauthenticated administrative access to the application.

“An authentication bypass in the VMware Carbon Black App Control management server was privately reported to VMware.” reads the security advisory published by the company. “A malicious actor with network access to the Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.”

The CVE-2021-21998 vulnerability has received a CVSSv3 base score of 9.4.

The company addressed the flaw with the release of Carbon Black App Control (AppC) 8.6.2 and 8.5.8, and a hotfix for the 8.1.x and 8.0.x versions of AppC.

The company informed its customers that there are no workarounds to mitigate this flaw.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, VMWare)

[adrotate banner=”5″]

[adrotate banner=”13″]