VMware has addressed a critical vulnerability (CVE-2021-21982) in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers.

VMware Carbon Black Cloud Workload is a data center security software. It also bundles endpoint protection capabilities, including endpoint detection and response (EDR), next-gen antivirus, and real-time threat hunting.

This security vulnerability impacts VMware Carbon Black Cloud Workload appliance version 1.0.1 and earlier.

VMware evaluated the security bug as critical severity, assigning it a CVSSv3 base score of 9.1/10.

More inforamtion on vulnerability and update is available in the Vmware security advisory – VMSA-2021-0005.

Source: bleepingcomputer.com