www.vmware.com
2a02:26f0:1700:599::2ef
Public Scan
Submitted URL: http://sgemail.gainsightapp.com/ls/click?upn=Vd-2F0gEjS7KZJeOUkTsRHiypVT3FddQO-2BsDgH1y09FOcQ3Ohs3Zfh7DO98fTPyFebZTRvDg5OED1xGuK...
Effective URL: https://www.vmware.com/security/advisories/VMSA-2022-0008.html
Submission Tags: falconsandbox
Submission: On April 01 via api from US — Scanned from DE
Form analysis
2 forms found in the DOM
//www.vmware.com/search.html
<form action="//www.vmware.com/search.html" id="globalsearch" class="wrapperSearch">
<input type="text" name="q" id="ub-search" class="d-none" placeholder="Search" aria-role="searchbox" role="searchbox">
<a href="javascript:void(0);" aria-label="Search vmware.com" class="search-icon ml-lg-3" name="nav_utility : Search">
<i class="fa fa-search text-indigo mr-2 mr-lg-0" aria-hidden="true"></i>
</a>
<input type="hidden" name="num" value="20">
<input type="hidden" name="filter" value="0">
<input type="hidden" name="ie" value="UTF-8">
<input type="hidden" name="oe" value="UTF-8">
<input type="hidden" name="entqr" value="0">
<input type="hidden" name="start" value="0">
<input type="hidden" name="sort" value="">
<input type="hidden" name="tlen" value="200">
<input type="hidden" name="numgm" value="3">
<input type="hidden" name="cn" value="vmware">
<input type="hidden" name="cid" value="">
<input type="hidden" name="tid" value="">
<input type="hidden" name="getfields" value="*">
<input type="hidden" name="partialfields" value="">
<input type="hidden" name="requiredfields" value="">
<input type="hidden" name="place" value="top">
<input type="hidden" name="client" value="VMware_Site_1">
<input type="hidden" name="site" value="VMware_Site_1">
<input type="hidden" name="cc" value="en">
<input type="hidden" name="stype" value="main">
</form>
Name: securitysignup — POST https://lists.vmware.com/mailman/subscribe/security-announce
<form accept-charset="UNKNOWN" action="https://lists.vmware.com/mailman/subscribe/security-announce" enctype="application/x-www-form-urlencoded" id="securitysignup" method="post" name="securitysignup">
<input id="securityEmail" name="email" size="25" type="text" placeholder="Enter your email address">
<span class="btn-submit"><button name="email-button" type="submit" onclick="validateEmail();"><i class="fa fa-chevron-right" aria-hidden="true"></i></button></span>
<span class="subscriptionerrorMsg"></span>
</form>
Text Content
Critical
Advisory ID: VMSA-2022-0008
CVSSv3 Range: 9.1
Issue Date: 2022-03-23
Updated On: 2022-03-23 (Initial Advisory)
CVE(s): CVE-2022-22951, CVE-2022-22952
Synopsis: VMware Carbon Black App Control update addresses multiple vulnerabilities (CVE-2022-22951, CVE-2022-22952)

1. IMPACTED PRODUCTS

* VMware Carbon Black App Control (AppC)

2. INTRODUCTION

Multiple vulnerabilities in VMware Carbon Black App Control were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

3A. OS COMMAND INJECTION VULNERABILITY IN VMWARE CARBON BLACK APP CONTROL (CVE-2022-22951)

Description
VMware Carbon Black App Control contains an OS command injection vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1.

Known Attack Vectors
An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution.

Resolution
To remediate CVE-2022-22951 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds
None.

Additional Documentation
None.

Notes
Before using the download links make sure to log into the Carbon Black User Exchange (UEX).

Acknowledgements
VMware would like to thank Jari Jääskelä (@JJaaskela) for reporting this issue to us.

3B. FILE UPLOAD VULNERABILITY IN VMWARE CARBON BLACK APP CONTROL (CVE-2022-22952)

Description
VMware Carbon Black App Control contains a file upload vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1.

Known Attack Vectors
A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file.

Resolution
To remediate CVE-2022-22952 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds
None.

Additional Documentation
None.

Notes
Before using the download links make sure to log into the Carbon Black User Exchange (UEX).

Acknowledgements
VMware would like to thank Jari Jääskelä (@JJaaskela) for reporting this issue to us.

Response Matrix 3a, 3b

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---------|---------|------------|----------------|--------|----------|---------------|-------------|--------------------------|
| AppC | 8.8.x | Windows | CVE-2022-22951, CVE-2022-22952 | 9.1 | critical | 8.8.2 | None | None |
| AppC | 8.7.x | Windows | CVE-2022-22951, CVE-2022-22952 | 9.1 | critical | 8.7.4 | None | None |
| AppC | 8.6.x | Windows | CVE-2022-22951, CVE-2022-22952 | 9.1 | critical | 8.6.6 | None | None |
| AppC | 8.5.x | Windows | CVE-2022-22951, CVE-2022-22952 | 9.1 | critical | 8.5.14 | None | None |

4. REFERENCES

Fixed Version(s) and Release Notes:
VMware Carbon Black App Control 8.8.2, 8.7.4, 8.6.6, 8.5.14
Downloads and Documentation:
https://community.carbonblack.com/t5/Documentation-Downloads/Critical-App-Control-Server-Patch-Announcement-3-23-22/ta-p/111804#M3557

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22952

FIRST CVSSv3 Calculator:
CVE-2022-22951: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-22952: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

5. CHANGE LOG

2022-03-23 VMSA-2022-0008
Initial security advisory.

6. CONTACT

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2022 VMware Inc. All rights reserved.