VMware Releases Critical Security Update for VMware Aria Automation

Security update addresses a Missing Access Control vulnerability in the VMware Aria Automation platform

Threat ID:: CC-4436
Threat Severity:: Medium
Published:: 16 January 2024 2:50 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update addresses a Missing Access Control vulnerability in the VMware Aria Automation platform

Affected platforms

The following platforms are known to be affected:

Versions: 8.11.x to 8.14.x, 8.16

VMware Aria Automation

Versions: 5.x, 4.x

VMware Cloud Foundation

Threat details

Introduction

VMware has released a security update to address a vulnerability in VMware Aria Automation. CVE-2023-34063, which has been assigned a CVSSv3 score of 9.9, is a Missing Access Control vulnerability that could lead to unauthorised access to remote organisations and workflows.

Remediation advice

Affected organisations are encouraged to review the VMware Security Advisory VMSA-2024-0001 and apply any relevant updates.

Definitive source of threat updates

CVE Vulnerabilities

Status Published

CVE-2023-34063

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

Last edited: 16 January 2024 2:50 pm