VMware Aria Automation Vulnerability
CVE-2024-22280

8.1HIGH

Key Information:

Vendor: Vmware
Status: Vmware Aria Automation
Vendor: CVE Published:; 11 July 2024

Badges

📰 News Worthy

What is CVE-2024-22280?

VMware Aria Automation exhibits a vulnerability due to insufficient input validation, enabling an authenticated user to execute crafted SQL queries. This flaw can lead to unauthorized data manipulation, allowing malicious actors to perform read or write operations directly in the underlying database. It is imperative for users of affected versions to assess their security measures and apply necessary updates or patches to safeguard their environments.

Affected Version(s)

VMware Aria Automation 8.x < 8.17.0

News Articles

CybersecurityNews

CVE-2024-22280

VMware Aria Automation Flaw Let Hackers Perform SQL Injection Attacks

VMware has released security updates to address a critical SQL injection vulnerability in its Aria Automation product. The vulnerability tracked as CVE-2024-22280, could allow authenticated attackers to perform unauthorized database operations.

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by CybersecurityNews
Jul 11, 2024
Vulnerability published
Jul 11, 2024
Vulnerability Reserved
Jan 8, 2024

Vmware

Badges

What is CVE-2024-22280?

Affected Version(s)

News Articles

VMware Aria Automation Flaw Let Hackers Perform SQL Injection Attacks

References

CVSS V3.1

Timeline