High Threat Security Alert (A24-01-15): Vulnerability in VMware Aria Automation


 

Published on: 17 January 2024

  
  

Description:

VMware published a security advisory to address a vulnerability in VMware Aria Automation. The list of patches can be found at:
https://www.vmware.com/security/advisories/VMSA-2024-0001.html

Reports indicate that a security restriction bypass vulnerability (CVE-2023-34063) in VMware Aria Automation is at high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • VMware Aria Automation (formerly vRealize Automation)
  • VMware Cloud Foundation (Aria Automation)

 

Impact:

Successful exploitation of the vulnerability could lead to security restriction bypass on the affected system.

 

Recommendation:

Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.vmware.com/security/advisories/VMSA-2024-0001.html
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34063


Tag: VMware , VMware Aria Automation , VMware Cloud Foundation
Tags