Home / Threat Intelligence bulletins / Critical vulnerabilities in Carbon Black


VMware has released updates to address two critical vulnerabilities in their Carbon Black App Control. The first (CVE-2022-22951) is a command injection vulnerability in the admin interface, whereas the second (CVE-2022-22952) is a file upload vulnerability.


An authenticated user could gain access to the server and execute code.

Affected Products

Carbon Black App Control. This was fixed in these versions: – 8.8.2 – 8.7.4 – 8.6.6 – 8.5.14.

Containment, Mitigations & Remediations

Update to the latest version.

Indicators of Compromise

No IOCs have been released for these vulnerabilities.

Threat Landscape

There is currently no known exploit for this vulnerability in the wild, however, its disclosure is likely to trigger malicious actors to reverse engineer the patch to better understand the vulnerability and to develop an exploit for it. The desirability to do so will also be great. VMware Horizon is being actively targeted by threat actors as a method of ingress for multiple groups with different motives, but primarily ransomware. When tied to the potential for manipulating systems in place to protect such infrastructure, such as Carbon Black, from attack and to evade detection, threat actors will prioritise the development of this exploit to help them achieve their goals.

Mitre Methodologies

T1210 – Exploitation of remote services

Further Information