"VMware Patches Critical Injection Flaw in Carbon Black App Control"

VMware has patched a critical vulnerability, tracked as CVE-2023-20858, in Carbon Black App Control, its enterprise solution for preventing the execution of untrusted software on systems and endpoints. Although the vulnerability was privately disclosed to VMware and there have been no reports of it being actively exploited, administrators are strongly encouraged to upgrade to a patched version as soon as possible. The flaw is an injection vulnerability that could grant unauthorized access to the server's underlying operating system. Exploitation requires privileged access to the App Control administrator console as well as specially crafted input. The vulnerability, discovered by bug hunter Jari Jaaskela, has been patched in Carbon Black App Control versions 8.9.4, 8.8.6, and 8.7.4. There are no workarounds or mitigations available. This article continues to discuss the potential exploitation and impact of the critical vulnerability fixed by VMware.

Help Net Security reports "VMware Patches Critical Injection Flaw in Carbon Black App Control"
