VMware Aria Automation Vulnerability
CVE-2024-22280

8.1HIGH

Key Information:

Vendor: Vmware
Status: Vmware Aria Automation
Vendor: CVE Published:; 11 July 2024

Summary

VMware Aria Automation exhibits a vulnerability due to insufficient input validation, enabling an authenticated user to execute crafted SQL queries. This flaw can lead to unauthorized data manipulation, allowing malicious actors to perform read or write operations directly in the underlying database. It is imperative for users of affected versions to assess their security measures and apply necessary updates or patches to safeguard their environments.

Affected Version(s)

VMware Aria Automation 8.x < 8.17.0

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2024
Vulnerability Reserved
Jan 8, 2024