The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems. The bug is an authentication bypass that could enable an attacker with network access to the server to get administrative privileges without needing to authenticate. There are no workarounds available to fix the bug, which affects AppC versions 8.0, 8.1.1,. 8.6.2, and 8.5.8.
Source: https://threatpost.com/vmware-carbon-black-authentication-bypass/167226/