Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Critical App Control Server Patch Announcement 3/23/22

Critical App Control Server Patch Announcement 3/23/22

The VMware Carbon Black App Control Server 8.5.x to 8.8.x contains a critical security vulnerability.

The Common Vulnerabilities and Exposures project ( has assigned the identifiers CVE-2022-22951 and CVE-2022-22952 to this issue. We strongly recommend that you upgrade as soon as possible.

For more information, see the VMware Security Advisory: VMSA-2022-0008. For questions and assistance with installation please contact customer support.

We have provided security patches for customers on server versions 8.5.0+ which includes versions 8.5.14, 8.6.6, 8.7.4, and 8.8.2. 

Downloads and Documentation

For more details regarding the above security releases, including the download links and release notes can be found in VMWare Docs.

Labels (2)

Is there any update on the issue with the console and database not communicating after updating to 8.8.2?  

That is kind of a big bug 

@michaelzimmer and @rosehd - I believe the issue you refer to is addressed here...

[App Control: Upgrade to 8.8.2 with local SQL authentication breaks the web console due to DB connection error]

Thanks Davy.  

Does anyone know when this issue will be fixed? 

8.8.2 Installation Notice: 12 April, 2022

Please be advised that version 8.8.2 of the VMware Carbon Black App Control server contains an issue which can cause installations which have been configured to use SQL authentication to switch to Windows authentication following the upgrade. This can lead to a database connection error and a failure of the system.

Article Information
Creation Date: