Project Hyphae
Search

VMware Warns of Uninvited Guests: Critical Privilege Execution Flaw Patched in Carbon Black App Control

Share This Post

VMware has released patches for a critical security vulnerability affecting its Carbon Black App Control product. The vulnerability, tracked as CVE-2023-20858, carries a CVSS score of 9.1 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x. VMware describes the flaw as an injection vulnerability, and warns that a malicious actor with privileged access to the App Control administration console could use specially crafted input to access the underlying server operating system. There are no workarounds for the vulnerability, and customers are advised to update to versions 8.7.8, 8.8.6, and 8.9.4 to mitigate potential risks.

https://www.helpnetsecurity.com/2023/02/22/cve-2023-20858/

https://www.vmware.com/security/advisories/VMSA-2023-0004.html

https://www.securityweek.com/vmware-plugs-critical-carbon-black-app-control-flaw/



Reach out to our incident response team for help

More To Explore

Information Security News – 4/14/2025

Oracle Confirms “Obsolete Servers” Hacked Article link: https://www.bleepingcomputer.com/news/security/oracle-says-obsolete-servers-hacked-denies-cloud-breach/    Phishing Kits Now Vet Victims in Real-Time Before Stealing Credentials Article link: https://www.bleepingcomputer.com/news/security/phishing-kits-now-vet-victims-in-real-time-before-stealing-credentials/    Neptune RAT

Marcus Cylar April 14, 2025

Information Security News – 4/7/2025

Criminal Group Claims Responsibility for Cyberattack on Minnesota Casino Article Link: https://cdcgaming.com/brief/cybersecurity-incident-at-minnesota-tribal-community-casino-prompts-shutdown/ As CISA Downsizes, Where Can Enterprises Get Support? Article Link: https://www.darkreading.com/cybersecurity-operations/roundtable-cisa-downsizes-where-can-enterprises-look-support Oracle Privately

Jo Moldenhauer April 7, 2025

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.