The vulnerability of the administration interface of the server for managing VMware Carbon Black App Control allows a perpetrator to execute arbitrary code.

The vulnerability of the administration interface of the VMware Carbon Black App Control server relates to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by loading a specially crafted file...

VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control

VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked as CVE-2022-22951 and CVE-2022-2295...

VMware Releases Security Updates

VMware has released security updates to address multiple vulnerabilities in VMware Carbon Black App Control software. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory...

CVE-2022-22952

VMware Carbon Black App Control 8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2 contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windo...

CVE-2022-22951

VMware Carbon Black App Control 8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2 contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may b...

CVE-2022-22952

VMware Carbon Black App Control 8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2 contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windo...

CVE-2022-22952

VMware Carbon Black App Control 8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2 contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windo...

CVE-2022-22951

VMware Carbon Black App Control 8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2 contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may b...

Unrestricted file upload

VMware Carbon Black App Control 8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2 contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windo...

CVE-2022-22952

CVE-2022-22952 affects VMware Carbon Black App Control. Affected only when an attacker has administrative access to the App Control administration interface: uploading a specially crafted file can lead to code execution on the Windows AppC Server. Affected versions are 8.5.x before 8.5.14, 8.6.x ...

CVE-2022-22952

VMware Carbon Black App Control 8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2 contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windo...

CVE-2022-22951

CVE-2022-22951 affects VMware Carbon Black App Control (versions 8.5.x prior to 8.5.14; 8.6.x prior to 8.6.6; 8.7.x prior to 8.7.4; 8.8.x prior to 8.8.2). The vulnerability is an OS command injection caused by improper input validation that could allow an authenticated, highly privileged attacker...

VMware Carbon Black App Control update addresses multiple vulnerabilities (CVE-2022-22951, CVE-2022-22952)

3a. OS command injection vulnerability in VMware Carbon Black App Control CVE-2022-22951 VMware Carbon Black App Control contains an OS command injection vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1. 3b...

VMware Carbon Black App Control 代码问题漏洞

VMware Carbon Black App Control is an application control product from VMware USA. It is used to lock down servers and critical systems to prevent unwanted changes. A code issue vulnerability exists in VMware Carbon Black App Control, where an attacker with administrative access to the VMware App...

VMware Carbon Black App Control 操作系统命令注入漏洞

VMware Carbon Black App Control is an application control product from VMware USA. It is used to lock down servers and critical systems to prevent unwanted changes. VMware Carbon Black App Control suffers from an operating system command injection vulnerability that originates from improper input...

CVE-2022-21906

Technical details are not publicly available in the provided documents. Monitor for official disclosures and updates.

VMware Carbon Black App Control Web Console Detection

Binary data vmwarecarbonblackappcontrolwebconsoledetect.nbin...

VMware Carbon Black App Control Installed (Windows)

Binary data vmwarecarbonblackappcontrolwininstalled.nbin...

The vulnerability of the VMware Carbon Black App Control server is related to authentication errors, which allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the VMware Carbon Black App Control server is related to authentication errors. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information...

VMware Carbon Black App Control Unsupported Version Detection (deprecated)

This plugin has been deprecated. For plugins which identify unsupported instances of this product, search the plugin feed for VMware Carbon Black App Control SEoL. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...