CVE-2022-22952

Published: Mar 23, 2022Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.3 / Impact: 6.0

Source: NVD

Description

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file.

Affected (4)

Products: Vmware: Carbon Black App Control

Vmware

1 product

Carbon Black App Control

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vmware Carbon Black App Control	From 8.5 to 8.5.14
Vmware Carbon Black App Control	From 8.6 to 8.6.6
Vmware Carbon Black App Control	From 8.7.0 to 8.7.4
Vmware Carbon Black App Control	From 8.8.0 to 8.8.2

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.vmware.com/security/advisories/VMSA-2022-0008.html

Source: security@vmware.com

PatchVendor Advisory

https://www.vmware.com/security/advisories/VMSA-2022-0008.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.