(CVE-2021-21982 / CVSSv3:9.1) - A malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance may be able to obtain a valid authentication token, granting access to the administration API of the appliance. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings. A remote attacker could exploit this vulnerability to take control of an affected system.

https://www.vmware.com/security/advisories/VMSA-2021-0005.html