A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution. The bug (CVE-2021-21982) ranks 9.1 out of 10 on the CVSS vulnerability-severity scale. The issue in the appliance stems from incorrect URL handling, according to VMware s advisory issued last week. The vulnerability could allow attackers to breach the external perimeter of an enterprise data center or leverage backdoors already installed on a system.
Source: https://threatpost.com/critical-cloud-bug-vmware-carbon-black/165278/