VMware has published software patches to address two significant security flaws in its ‘Carbon Black App Control’ platform that might allow a hostile actor to execute arbitrary code on impacted Windows installations.
Tracked as CVE-2022-22951 and CVE-2022-22952, both issues are rated 9.1 out of 10 on the CVSS vulnerability scoring system. VMware Carbon Black App Control is an application allowlisting solution used to lock down servers and essential systems, prevent unauthorized changes, and ensure regulatory compliance.
Carbon Black App Control versions 8.5.x, 8.6.x, 8.7.x, and 8.8.x are affected by the vulnerabilities, which have been fixed in versions 8.5.14, 8.6.6, 8.7.4, and 8.8.2. Users are advised to apply the updates to avoid potential exploitation of unpatched VMware issues, which have become a lucrative attack vector.
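The affected and fixed versions listed above can be turned into a patch-level check for an asset inventory. The following is an added example, not VMware code: the hostnames and version strings are constructed, and the optional fourth build component in a version string is an assumption.

```python
import re

# Fixed release per affected branch, taken from the version list in the article.
FIXED = {(8, 5): 14, (8, 6): 6, (8, 7): 4, (8, 8): 2}

# major.minor.patch with an optional build number (the build part is an assumption).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def classify(version):
    """Return 'vulnerable', 'patched', 'unlisted' or 'unparseable'."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "unparseable"
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Branch is not named in the article; consult the vendor advisory.
        return "unlisted"
    # Compare numerically: as strings, "8.6.10" would sort below "8.6.6".
    return "patched" if patch >= fixed_patch else "vulnerable"


def triage(inventory):
    """Group hostnames by status; inventory maps hostname -> version string."""
    report = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(classify(version), []).append(host)
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "appc-srv-01": "8.5.13",
    "appc-srv-02": "8.5.14",
    "appc-srv-03": "8.7.4.1021",
    "appc-srv-04": "8.8.0",
    "appc-srv-05": "8.9.0",
    "appc-srv-06": "unknown",
    "appc-srv-07": "8.6.10",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:12} {', '.join(hosts)}")
```

Hosts reported as `unlisted` or `unparseable` need manual review rather than being treated as safe.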