VMware: Critical 9.9 vulnerability in Aria Automation

B2B Cyber ​​Security ShortNews

Share post

VMware reports a critical vulnerability in Aria Automation with a CVSS score of 9.9 and strongly recommends an update. Otherwise, attackers could gain unauthorized access to remote organizations and workflows. The update is ready

Aria Automation contains a lack of access control vulnerability. VMware has assessed the severity of this issue in the Critical Severity range with a maximum CVSSv3 base value of 9.9. The Aria Automation lack of access control vulnerability was defined in CVE-2023-34063. According to VMware, “An authenticated malicious actor could exploit this vulnerability and result in unauthorized access to remote organizations and workflows.”

Updates are available

Various versions are affected by the vulnerability. VMware lists the versions and recommends the update:

  • VMware Aria Automation (formerly vRealize Automation) in versions 8.11.x, 8.12.x, 8.13.x, 8.14.x. Version 8.16 is not affected.
  • VMware Cloud Foundation (Aria Automation) 5.x, 4.x

VMware was confidentially informed of the lack of access control vulnerability in Aria Automation by CSIRO - Commonwealth Scientific and Industrial Research Organization's. Updates are available to resolve this vulnerability in affected VMware products.

More at VMware.com


About VMware

VMware is driving the world's digital infrastructure with its business software. The company's solutions in the areas of cloud, mobility, network and security provide more than 500.000 corporate customers worldwide with a dynamic and efficient digital basis for their business success. They are supported by the global VMware partner network, consisting of around 75.000 partners. Based in Palo Alto, California, the company has used its technological innovations for both corporate and social purposes for over 20 years. The German office of VMware is located in Munich. Further information can be found at: www.vmware.com/de. VMware and Carbon Black are registered trademarks of VMware, Inc. or its subsidiaries in the United States and other countries.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more