Lucene search

VMwareVMSA-2022-0008

HistoryMar 23, 2022 - 12:00 a.m.

VMware Carbon Black App Control update addresses multiple vulnerabilities (CVE-2022-22951, CVE-2022-22952)

2022-03-2300:00:00

www.vmware.com

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.8%

JSON

3a. OS command injection vulnerability in VMware Carbon Black App Control (CVE-2022-22951)

VMware Carbon Black App Control contains an OS command injection vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1.

3b. File upload vulnerability in VMware Carbon Black App Control (CVE-2022-22952)

VMware Carbon Black App Control contains a file upload vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1.

CPENameOperatorVersion
appclt8.8.2
appclt8.7.4
appclt8.6.6
appclt8.5.14

Name	Operator	Version
appc	lt	8.8.2
appc	lt	8.7.4
appc	lt	8.6.6
appc	lt	8.5.14

References

community.carbonblack.com/t5/Documentation-Downloads/Critical-App-Control-Server-Patch-Announcement-3-23-22/ta-p/111804#M3557

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22951

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22952

www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H