Vulnerability affects VMware Carbon Black Cloud Workload appliance version 1.0.1 and earlier. Vulnerability tracked as CVE-2021-21982 can be exploited by attackers remotely without requiring authentications or user interaction in low complexity attacks. The vulnerability was discovered and privately reported to the company by Positive Technologies web security researcher Egor Dimitrenko. On Tuesday, the company also patched two other vulnerabilities found by a security researcher in the vRealize Operations IT operations management platform that could lead to pre-auth remote code execution (RCE)
Source: https://www.bleepingcomputer.com/news/security/vmware-fixes-authentication-bypass-in-data-center-security-software/