VMware reports a critical vulnerability in Aria Automation with a CVSS score of 9.9 and strongly recommends an update. Without it, attackers could gain unauthorized access to remote organizations and workflows. The update is available.
Aria Automation contains a missing access control vulnerability. VMware has assessed the severity of this issue as Critical, with a maximum CVSSv3 base score of 9.9. The vulnerability is tracked as CVE-2023-34063. According to VMware, “An authenticated malicious actor could exploit this vulnerability and result in unauthorized access to remote organizations and workflows.”
Updates are available
Various versions are affected by the vulnerability. VMware lists the versions and recommends the update:
- VMware Aria Automation (formerly vRealize Automation) in versions 8.11.x, 8.12.x, 8.13.x, 8.14.x. Version 8.16 is not affected.
- VMware Cloud Foundation (Aria Automation) 5.x, 4.x
The missing access control vulnerability in Aria Automation was privately reported to VMware by the Commonwealth Scientific and Industrial Research Organization (CSIRO). Updates are available to resolve this vulnerability in affected VMware products.
About VMware
VMware is driving the world's digital infrastructure with its business software. The company's solutions in the areas of cloud, mobility, network and security provide more than 500,000 corporate customers worldwide with a dynamic and efficient digital basis for their business success. They are supported by the global VMware partner network, consisting of around 75,000 partners. Based in Palo Alto, California, the company has used its technological innovations for both corporate and social purposes for over 20 years. The German office of VMware is located in Munich. Further information can be found at: www.vmware.com/de. VMware and Carbon Black are registered trademarks of VMware, Inc. or its subsidiaries in the United States and other countries.