www.vmware.com
2a02:26f0:6c00:28b::2ef  Public Scan

Submitted URL: http://sgemail.gainsightapp.com/ls/click?upn=Vd-2F0gEjS7KZJeOUkTsRHiypVT3FddQO-2BsDgH1y09FOcQ3Ohs3Zfh7DO98fTPyFebZTRvDg5OED1xGuK...
Effective URL: https://www.vmware.com/security/advisories/VMSA-2022-0008.html
Submission Tags: falconsandbox
Submission: On May 22 via api from US — Scanned from DE

Critical

Advisory ID: VMSA-2022-0008
CVSSv3 Range: 9.1
Issue Date: 2022-03-23
Updated On: 2022-03-23 (Initial Advisory)
CVE(s): CVE-2022-22951, CVE-2022-22952
Synopsis: VMware Carbon Black App Control update addresses multiple
vulnerabilities (CVE-2022-22951, CVE-2022-22952)

1. IMPACTED PRODUCTS

 * VMware Carbon Black App Control (AppC)

2. INTRODUCTION

Multiple vulnerabilities in VMware Carbon Black App Control were privately
reported to VMware. Updates are available to remediate these vulnerabilities in
affected VMware products.

3A. OS COMMAND INJECTION VULNERABILITY IN VMWARE CARBON BLACK APP CONTROL
(CVE-2022-22951)

Description

VMware Carbon Black App Control contains an OS command injection vulnerability.
VMware has evaluated the severity of this issue to be in the Critical severity
range with a maximum CVSSv3 base score of 9.1.

Known Attack Vectors

An authenticated, highly privileged malicious actor with network access to
the VMware App Control administration interface may be able to execute commands
on the server due to improper input validation, leading to remote code execution.

Resolution

To remediate CVE-2022-22951, apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

Before using the download links, make sure to log in to the Carbon Black User
Exchange (UEX).


Acknowledgements

VMware would like to thank Jari Jääskelä (@JJaaskela) for reporting this issue
to us.

3B. FILE UPLOAD VULNERABILITY IN VMWARE CARBON BLACK APP CONTROL
(CVE-2022-22952)

Description

VMware Carbon Black App Control contains a file upload vulnerability. VMware has
evaluated the severity of this issue to be in the Critical severity range with a
maximum CVSSv3 base score of 9.1.

Known Attack Vectors

A malicious actor with administrative access to the VMware App Control
administration interface may be able to execute code on the Windows instance
where AppC Server is installed by uploading a specially crafted file.


Resolution

To remediate CVE-2022-22952, apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.


Workarounds

None.

Additional Documentation

None.

Notes

Before using the download links, make sure to log in to the Carbon Black User
Exchange (UEX).


Acknowledgements

VMware would like to thank Jari Jääskelä (@JJaaskela) for reporting this issue
to us.

Response Matrix 3a, 3b

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| AppC | 8.8.x | Windows | CVE-2022-22951, CVE-2022-22952 | 9.1 | critical | 8.8.2 | None | None |
| AppC | 8.7.x | Windows | CVE-2022-22951, CVE-2022-22952 | 9.1 | critical | 8.7.4 | None | None |
| AppC | 8.6.x | Windows | CVE-2022-22951, CVE-2022-22952 | 9.1 | critical | 8.6.6 | None | None |
| AppC | 8.5.x | Windows | CVE-2022-22951, CVE-2022-22952 | 9.1 | critical | 8.5.14 | None | None |

4. REFERENCES

Fixed Version(s) and Release Notes:

VMware Carbon Black App Control 8.8.2, 8.7.4, 8.6.6, 8.5.14

Downloads and Documentation:

https://community.carbonblack.com/t5/Documentation-Downloads/Critical-App-Control-Server-Patch-Announcement-3-23-22/ta-p/111804#M3557


 

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22951

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22952

 

FIRST CVSSv3 Calculator:
CVE-2022-22951: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-22952: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

5. CHANGE LOG

2022-03-23 VMSA-2022-0008
Initial security advisory.

6. CONTACT

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce 

 

This Security Advisory is posted to the following lists:  

security-announce@lists.vmware.com  

bugtraq@securityfocus.com  

fulldisclosure@seclists.org 

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055 

 

VMware Security Advisories

https://www.vmware.com/security/advisories 

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html 

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html 

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security 

 

Twitter

https://twitter.com/VMwareSRC


 

Copyright 2022 VMware Inc. All rights reserved.
 

