A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. The flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1. The product is a data center security product from VMware that aims to protect critical servers and workloads hosted on vSphere, the company’s cloud-computing virtualization platform. An attacker with network access to the API could exploit two separate bugs in its vRealize Operations Manager solution.
Source: https://thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html