Tuesday 6 April 2021
The impact of this issue announcement is high. Please act accordingly to rectify the issue, as stated below.
VMware Carbon Black Cloud Workload appliance
What you need to know:
After receiving a privately reported vulnerability, VMware created an update to remediate the bypass authentication manipulation in the URL on the administrative interface of the Carbon Black Cloud Workload appliance (CVE-2021-21982).
Actions to be taken:
To remediate the vulnerability, the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ in VMSA-2021-0005 need to be applied. (https://www.vmware.com/security/advisories/VMSA-2021-0005.html)