Vulnerability Details CVE-2022-22952
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.1%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 9.0
References
Products affected by CVE-2022-22952
-
cpe:2.3:a:vmware:carbon_black_app_control:*
-
cpe:2.3:a:vmware:carbon_black_app_control:8.5
-
cpe:2.3:a:vmware:carbon_black_app_control:8.5.12
-
cpe:2.3:a:vmware:carbon_black_app_control:8.5.2
-
cpe:2.3:a:vmware:carbon_black_app_control:8.5.4
-
cpe:2.3:a:vmware:carbon_black_app_control:8.5.8
-
cpe:2.3:a:vmware:carbon_black_app_control:8.6
-
cpe:2.3:a:vmware:carbon_black_app_control:8.6.2
-
cpe:2.3:a:vmware:carbon_black_app_control:8.6.4
-
cpe:2.3:a:vmware:carbon_black_app_control:8.7.0
-
cpe:2.3:a:vmware:carbon_black_app_control:8.7.2
-
cpe:2.3:o:microsoft:windows:-