Lucene search

VmwareCVELIST:CVE-2023-20858

HistoryFeb 21, 2023 - 12:00 a.m.

CVE-2023-20858

2023-02-2100:00:00

vmware

www.cve.org

vmware

carbon black

app control

injection vulnerability

privileged access

administration console

specially crafted input

server operating system

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.9%

JSON

VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "VMware Carbon Black App Control",
    "versions": [
      {
        "version": "VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4",
        "status": "affected"
      }
    ]
  }
]

References

www.vmware.com/security/advisories/VMSA-2023-0004.html