VMware has released updates that address a critical security vulnerability affecting the Carbon Black App Control platform used for enterprise security. VMware Carbon Black App Control is a security product used to ensure that only trusted and approved software can run on critical systems and endpoints.
The Vulnerability in VMware Carbon Black App Control Platform Has a 9.1 CVSS Score
The security vulnerability, identified as CVE-2023-20858, is caused by improper validation of user-supplied input. A remote user with privileged access to the App Control management console can execute arbitrary code on the target system through a specially crafted request.
The security vulnerability affects App Control 8.7.x, 8.8.x, and 8.9.x versions running on the Windows operating system and has been resolved with the release of versions 8.9.4, 8.8.6, and 8.7.8. Users running an affected version who have not yet updated are advised to apply the updates promptly to prevent potential exploitation.
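The following is an added example, not code from VMware or from the original article: a small triage script that checks reported App Control server versions against the fixed release for their own branch, as listed above. The hostnames and inventory values are constructed, and treating a fourth version component as a build number to ignore is an assumption.

```python
import re

# Fixed release per affected branch, taken from the advisory text above.
FIXED_BY_BRANCH = {(8, 7): (8, 7, 8), (8, 8): (8, 8, 6), (8, 9): (8, 9, 4)}


def parse_version(text):
    """Turn '8.8.5' or '8.8.5.123' into a tuple of ints; None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    return tuple(int(part) for part in text.split("."))


def triage(version_text):
    """Return (status, fixed_version_or_None) for one reported version."""
    version = parse_version(version_text)
    if version is None:
        return ("unparseable", None)
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        # Branch not named in the advisory: make no claim either way.
        return ("branch-not-listed", None)
    fixed_text = ".".join(map(str, fixed))
    # Compare major.minor.patch against the fix for the SAME branch.
    # Checking against the lowest fixed release (8.7.8) alone would
    # wrongly pass 8.8.5 and 8.9.3. Build component ignored (assumption).
    padded = (version + (0,))[:3]
    if padded < fixed:
        return ("vulnerable", fixed_text)
    return ("fixed", fixed_text)


# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = {
    "appctl-01": "8.7.8",
    "appctl-02": "8.8.5",
    "appctl-03": "8.9.3.1200",
    "appctl-04": "8.9.4",
    "appctl-05": "8.6.2",
    "appctl-06": "unknown",
}


def report(inventory):
    """Map each host to its (status, target_version) triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, (status, fixed) in sorted(report(INVENTORY).items()):
        print(f"{host:10} {INVENTORY[host]:12} {status:18} target={fixed or '-'}")
```

Hosts reported as "branch-not-listed" or "unparseable" need manual review, since the article makes no statement about versions outside 8.7.x, 8.8.x, and 8.9.x.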