CVE-2021-21998

CRITICAL

VMware Carbon Black App Control 8.0-8.1, 8.5-8.5.8, 8.6-8.6.2 - Unauthenticated Authentication Bypass

Title source: llm

Description

VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.

References (1)

Core References
Patch, Vendor Advisory x_refsource_misc
https://www.vmware.com/security/advisories/VMSA-2021-0012.html?

Scores

CVSS v3 9.8
EPSS 0.0049
EPSS Percentile 65.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (3)
vmware/carbon_black_app_control 8.0
vmware/carbon_black_app_control 8.1
vmware/carbon_black_app_control 8.5 - 8.5.8
Published Jun 23, 2021
Tracked Since Feb 18, 2026