| Field | Details |
|---|---|
| Product and affected versions | VMware Carbon Black App Control versions 8.7.x, 8.8.x, and 8.9.x are affected by the vulnerability. |
| Severity and CVE ID | The vulnerability, tracked as CVE-2023-20858, is rated as critical with a CVSS score of 9.1 out of 10. |
| Vulnerability | The vulnerability is described as an injection vulnerability that could allow a malicious actor with privileged access to the App Control administration console to access the underlying server operating system. |
| How the attack works | A malicious actor with privileged access to the App Control administration console could use specially crafted input to exploit the vulnerability. |
| Remediations | Customers are advised to update to versions 8.7.8, 8.8.6, and 8.9.4 to mitigate potential risks. There are no known workarounds to resolve the vulnerability. |
| Reference | The vulnerability was reported by security researcher Jari Jääskelä. |
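Because the only remediation is upgrading and there is no workaround, the practical task for a defender is deciding which App Control servers in an inventory still run a pre-fix build. The script below is an added example (not VMware's code and not part of the advisory): it parses version strings and compares each one against the fixed releases named above, treating any release of the 8.7, 8.8 or 8.9 branch below the fixed version as affected, branches the advisory does not list as outside its scope, and unparsable strings as needing manual review. The host names and versions in the sample inventory are constructed for illustration.

```python
"""Classify VMware Carbon Black App Control version strings against the fixed
releases named in the CVE-2023-20858 advisory (8.7.8, 8.8.6, 8.9.4).

Added example, not VMware's code. The sample inventory is constructed.
"""
import re
from typing import Optional, Tuple

# Fixed release per affected branch, from the advisory. Any release of the same
# branch below the fixed version is treated as affected.
FIXED_VERSIONS = {
    (8, 7): (8, 7, 8),
    (8, 8): (8, 8, 6),
    (8, 9): (8, 9, 4),
}

# Accepts major.minor.patch with an optional fourth build component.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Parse 'major.minor.patch[.build]' into a tuple of ints; None if malformed."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups() if g is not None)


def assess(version_text: str) -> str:
    """Return 'affected', 'fixed', 'not-listed' or 'invalid' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "invalid"            # cannot be classified; review by hand
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return "not-listed"         # branch not named in the advisory
    # Compare only the three components the advisory uses, so a build suffix on
    # the fixed release itself (e.g. 8.7.8.1234) still counts as fixed.
    return "affected" if v[:3] < fixed else "fixed"


def triage(inventory):
    """Map each (host, version) pair in an inventory to its assessment."""
    return {host: assess(version) for host, version in inventory}


# Constructed sample inventory: host names and versions are made up.
SAMPLE_INVENTORY = [
    ("appctrl-01", "8.7.7"),
    ("appctrl-02", "8.8.6"),
    ("appctrl-03", "8.9.3.1234"),
    ("appctrl-04", "8.6.2"),
    ("appctrl-05", "8.9-beta"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A result of `not-listed` means the advisory says nothing about that branch, not that it is safe; check the vendor's current guidance for those hosts rather than treating them as fixed.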