Rewterz Threat Advisory – CVE-2021-21998 – VMware Carbon Black App Control Server Vulnerability

Rewterz Threat Alert – Raccoon Infostealer – Active IOCs

June 28, 2021

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

June 28, 2021

Rewterz Threat Advisory – CVE-2021-21998 – VMware Carbon Black App Control Server Vulnerability

Severity

High

Analysis Summary

CVE-2021-21998

VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.

Impact

Bypass Security
Gain Privileges

Affected Vendors

VMware

Affected Products

VMware Carbon Black App Control (AppC)

Remediation

Refer to VMware Security Advisory VMSA-2021-0012 for the patch, upgrade, or suggested workaround information.

https://www.vmware.com/security/advisories/VMSA-2021-0012.html

Rewterz Annual Threat Intelligence Report 2025 - Download Now

Rewterz Threat Alert – Raccoon Infostealer – Active IOCs

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

Rewterz Threat Advisory – CVE-2021-21998 – VMware Carbon Black App Control Server Vulnerability

Severity

Analysis Summary

CVE-2021-21998

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan