VMware Releases Fixes for Carbon Black App Control Vulnerabilities
VMware has released updates to fix two critical flaws in its Carbon Black App Control tool. The OS command injection vulnerability and the file upload issue could be exploited to execute arbitrary commands. Exploiting the flaws requires the attacker to be logged in with administrative privileges or as a highly privileged user.
While exploiting the flaw requires access with privileges, this is your application allow/deny list, and there are no workarounds, so you don't want to miss addressing this flaw. The fix is to apply the corresponding patch for your currently installed App Control tool.