An authentication bypass vulnerability is tracked as CVE-2021-21998, in Carbon Black App Control (AppC) running on Windows machines. An attacker could exploit the flaw to gain unauthenticated administrative access to the application. The vulnerability has received a CVSSv3 base score of 9.4. The company informed its customers that there are no workarounds to mitigate this flaw. The vulnerability was privately reported to VMWare by a security advisory published by the company. It has been fixed to the 8.6.2 and 8.5.8 versions of AppC.”]
Source: https://securityaffairs.co/wordpress/119362/security/vmware-carbon-black-app-control-flaw.html