Source: securityaffairs.com – Author: Pierluigi Paganini
VMware fixed a critical flaw in Aria Automation. Patch it now!
VMware warns customers of a critical vulnerability impacting its Aria Automation multi-cloud infrastructure automation platform.
VMware Aria Automation (formerly vRealize Automation) is a modern cloud automation platform that simplifies and streamlines the deployment, management, and governance of cloud infrastructure and applications. It provides a unified platform for automating tasks across multiple cloud environments, including VMware Cloud on AWS, VMware Cloud on Azure, and VMware Cloud Foundation.
VMware addressed a critical vulnerability, tracked as CVE-2023-34063 (CVSS score 9.9), that impacted its Aria Automation platform.
The issue is a missing access control vulnerability that can be exploited by an authenticated attacker actor to gain unauthorized access to remote organizations and workflows.
“Aria Automation contains a Missing Access Control vulnerability.” reads the advisory. “An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.”
The vulnerability was discovered by Commonwealth Scientific and Industrial Research Organisation’s (CSIRO) Scientific Computing Platforms team.
The vulnerability CVE-2023-34063 affects versions before 8.16 and Cloud Foundation.
VMware strongly recommends customers update their installs to platform version 8.16.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, VMware)
Original Post URL: https://securityaffairs.com/157576/security/vmware-aria-automation.html
Category & Tags: Breaking News,Security,Hacking,hacking news,information security news,IT Information Security,Pierluigi Paganini,Security Affairs,Security News,VMware Aria Automation – Breaking News,Security,Hacking,hacking news,information security news,IT Information Security,Pierluigi Paganini,Security Affairs,Security News,VMware Aria Automation
Views: 0
