CVE-2021-21982: VMware Carbon Black Cloud Workload Authentication Bypass Vulnerability Alert

On April 1, 2021, VMware issued security advisory VMSA-2021-0005 to fix an authentication bypass vulnerability in VMware Carbon Black Cloud Workload. The vulnerability is tracked as CVE-2021-21982 and has a CVSSv3 score of 9.1. Attackers can manipulate a URL on Carbon Black Cloud Workload to bypass authentication.

Vulnerability Detail

A malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance may be able to obtain a valid authentication token, granting access to the administration API of the appliance. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings.

Affected version

  • VMware Carbon Black Cloud Workload: <=1.0.1

Solution

We recommend that users upgrade VMware Carbon Black Cloud Workload to the latest version promptly.