VMware has addressed a critical flaw in its Carbon Black App Control offering, which is being used by enterprises to guarantee the execution of trusted and approved software on crucial systems and endpoints, reports SecurityWeek.
Threat actors who have gained privileged App Control administration console access could leverage the vulnerability, tracked as CVE-2023-20858, "to use specially crafted input allowing access to the underlying server operating system," said VMware.
App Control versions 8.7.x, 8.8.x, and 8.9.x on Windows are impacted by the vulnerability, which was identified by security researcher Jari Jskel. Aside from the Carbon Black App Control, VMware has also advised regarding a vRealize Orchestrator flaw enabling privilege escalation and information disclosure.
"A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges," said VMware.
Application security, Vulnerability Management
Critical VMware Carbon Black App Control flaw addressed
An In-Depth Guide to Application Security
Get essential knowledge and practical strategies to fortify your applications.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds