VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product.
Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x.
The virtualization services provider describes the issue as an injection vulnerability. Security researcher Jari Jääskelä has been credited with discovering and reporting the bug.
“A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system,” the company said in an advisory.
VMware said there are no workarounds that resolve the flaw, necessitating that customers update to versions 8.7.8, 8.8.6, and 8.9.4 to mitigate potential risks.
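Since there is no workaround, the practical check is whether each deployed build sits below the fixed release of its branch. The following is an added example (not VMware's code or tooling) that encodes only the affected and fixed versions quoted above; the hostnames and version strings in the sample inventory are constructed.

```python
# Added example: classify Carbon Black App Control builds against the
# CVE-2023-20858 fixed versions named in the advisory (8.7.8, 8.8.6, 8.9.4).
from typing import Dict, Iterable, List, Optional, Tuple

# Fixed version per affected branch, exactly as stated in the advisory text.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (8, 7): (8, 7, 8),
    (8, 8): (8, 8, 6),
    (8, 9): (8, 9, 4),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'major.minor.patch' (extra numeric components tolerated) into ints."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if below the branch's fixed version, False if at or above it.

    Returns None when the branch is not one the advisory names (e.g. 8.6.x):
    the caller must treat that as 'not covered', never as 'safe'.
    """
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get((v[0], v[1]))
    if fixed is None:
        return None
    # Compare only major.minor.patch; a trailing build number does not change status.
    return v[:3] < fixed


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket (hostname, version) pairs for patch follow-up."""
    result: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unlisted": []}
    for host, ver in inventory:
        status = is_vulnerable(ver)
        key = "unlisted" if status is None else ("vulnerable" if status else "patched")
        result[key].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are not real data.
    sample = [("appc-01", "8.7.4"), ("appc-02", "8.8.6"),
              ("appc-03", "8.9.3"), ("appc-04", "8.6.2")]
    print(triage(sample))
```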
It is worth noting that Jääskelä was also credited with reporting two critical vulnerabilities in the same product (CVE-2022-22951 and CVE-2022-22952, CVSS scores: 9.1) that were resolved by VMware in March 2022.
Also fixed by the company is an XML External Entity (XXE) vulnerability (CVE-2023-20855, CVSS score: 8.8) affecting vRealize Orchestrator, vRealize Automation, and Cloud Foundation.
“A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges,” VMware said.
It isn't uncommon for threat actors to target Fortinet product vulnerabilities in their attacks, so it is critical that users install the patches as soon as possible.