A vulnerability in the VMware Carbon Black Cloud Workload appliance was privately reported to VMware. An update is available to remediate this vulnerability in the affected versions of the appliance. VMware Carbon Black Cloud Workload is Linux data center security software designed to protect workloads running in virtualized environments. It delivers protection for vSphere workloads while reducing the attack surface and strengthening data center security posture.
Authentication bypass
The security vulnerability, tracked as CVE-2021-21982, allows the VMware Carbon Black Cloud Workload appliance to be manipulated by bypassing authentication. VMware evaluated the security bug as critical severity, assigning it a CVSSv3 base score of 9.1/10. To remediate CVE-2021-21982, the company recommended applying the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below to affected deployments.