3a. OS command injection vulnerability in VMware Carbon Black App Control (CVE-2022-22951)
VMware Carbon Black App Control contains an OS command injection vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1.
3b. File upload vulnerability in VMware Carbon Black App Control (CVE-2022-22952)
VMware Carbon Black App Control contains a file upload vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1.
community.carbonblack.com/t5/Documentation-Downloads/Critical-App-Control-Server-Patch-Announcement-3-23-22/ta-p/111804#M3557
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22951
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22952
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H