CVE-2021-21998

Published on: 06/23/2021 12:00:00 AM UTC

Last Modified on: 06/30/2021 12:30:00 AM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Carbon Black App Control from VMware contain the following vulnerability:

VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.

  • CVE-2021-21998 has been assigned by secu[email protected] to track the vulnerability - currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 7.5 - HIGH

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVE References

Description: VMSA-2021-0012 (www.vmware.com, text/html)
Tags: MISC
Link: www.vmware.com/security/advisories/VMSA-2021-0012.html?

Related QID Numbers

  • 730401 VMware Carbon Black App Control Improper Authentication Vulnerability (VMSA-2021-0012)

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | VMware | Carbon Black App Control | All | All | All | All
Application | VMware | Carbon Black App Control | 8.0 | All | All | All
Application | VMware | Carbon Black App Control | 8.1 | All | All | All
  • cpe:2.3:a:vmware:carbon_black_app_control:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:carbon_black_app_control:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:vmware:carbon_black_app_control:8.1:*:*:*:*:*:*:*:

Social Mentions

Source | Title | Posted (UTC)
Twitter | @TheKandymannCan VMSA-2021-0012/CVE-2021-21998 Since the description is so vague, this vulnerability is an issue with API calls bein… twitter.com/i/web/status/1… | 2021-06-22 14:34:01
Twitter | @the_yellow_fall CVE-2021-21998: VMware Carbon Black App Control authentication bypass vulnerability alert meterpreter.org/cve-2021-21998… #info #news #tech | 2021-06-23 07:20:03
Twitter | @CVEreport CVE-2021-21998 : VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authen… twitter.com/i/web/status/1… | 2021-06-23 12:06:00
Twitter | @Dormidera VMware patches a vulnerability that allowed an authentication bypass in Carbon Black AppC (CVE-2021-21998).… twitter.com/i/web/status/1… | 2021-06-23 18:29:32
Twitter | @securezoo VMware patches Critical Carbon Black AppC authentication bypass vulnerability (CVE-2021-21998) and issues fix for l… twitter.com/i/web/status/1… | 2021-06-23 19:00:38
Twitter | @morodog #News CVE-2021-21998: VMware Carbon Black App Control authentication bypass vulnerability alert: VMware Carbon Blac… twitter.com/i/web/status/1… | 2021-06-23 21:06:36
Twitter | @enz_3ura VMware Carbon Black App Control update addresses authentication bypass (CVE-2021-21998) vmware.com/security/advis… | 2021-06-24 00:25:38
Twitter | @morodog CVE-2021-21998: VMware Carbon Black App Control authentication bypass vulnerability alert: VMware Carbon Black Clou… twitter.com/i/web/status/1… | 2021-06-24 01:06:04
Twitter | @threatmeter CVE-2021-21998 VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authenti… twitter.com/i/web/status/1… | 2021-06-24 07:10:44
Twitter | @TheHackersNews VMware has released security patches for Carbon Black App Control to fix a critical #vulnerability (CVE-2021-21998,… twitter.com/i/web/status/1… | 2021-06-24 08:03:36
Twitter | @Swati_THN VMware has released security patches for Carbon Black App Control to fix a critical #vulnerability (CVE-2021-21998,… twitter.com/i/web/status/1… | 2021-06-24 08:16:14
Twitter | @security_wang VMware has released security patches for Carbon Black App Control to fix a critical #vulnerability (CVE-2021-21998,… twitter.com/i/web/status/1… | 2021-06-24 08:25:02
Twitter | @MME_IT #VMware has released security patches for #CarbonBlack App Control to fix a critical #vulnerability (CVE-2021-21998… twitter.com/i/web/status/1… | 2021-06-24 08:28:50
Twitter | @ipssignatures I know no IPS that has a protection/signature/rule for the vulnerability CVE-2021-21998. The vuln was published 0 d… twitter.com/i/web/status/1… | 2021-06-24 09:04:00
Twitter | @ipssignatures The vuln CVE-2021-21998 has a tweet created 0 days ago and retweeted 28 times. twitter.com/TheHackersNews… #S2lru436skiwlw | 2021-06-24 09:04:00
Twitter | @AlirezaGhahrood VMware has released security patches for Carbon Black App Control to fix a critical vulnerability (CVE-2021-21998,… twitter.com/i/web/status/1… | 2021-06-24 10:35:46
Twitter | @unix_root VMware has released security patches for Carbon Black App Control to fix a critical #vulnerability (CVE-2021-21998,… twitter.com/i/web/status/1… | 2021-06-24 12:40:02
Twitter | @ClavoConClavo authentication and take control of vulnerable systems. The vulnerability, identified as CVE-2021-21998, has… twitter.com/i/web/status/1… | 2021-06-24 12:59:48
Twitter | @ShahriyarGourgi CVE-2021-21998 Flaw Is an Authentication Bypass Impacting VMware Carbon Black App Control (AppC) versions 8.0, 8.1,… twitter.com/i/web/status/1… | 2021-06-25 09:52:45
Twitter | @ShahriyarGourgi VMware has released security patches for Carbon Black App Control to fix a critical vulnerability (CVE-2021-21998,… twitter.com/i/web/status/1… | 2021-06-25 09:54:35
Reddit | /r/netcve CVE-2021-21998 | 2021-06-23 12:41:26
© CVE.report 2023