all InfoSec news
VMware Fixes Critical Aria Automation Bug
Malware Analysis, News and Indicators - Latest topics malware.news
VMware is warning of a critical-severity vulnerability in its infrastructure automation platform, Aria Automation, which if successfully exploited by cybercriminals could allow unauthorized access to remote organizations and workflows.
The issue (CVE-2023-34063) stems from a missing access control in the Aria Automation platform, formerly known as vRealize Automation. All versions of Aria Automation prior to version 8.16 are vulnerable, according to VMware. With a CVSS v3 score of 9.9, the flaw is critical, and VMware is urging impacted customers to …
access access control aria automation bug control critical cve cybercriminals exploited fixes infrastructure issue missing organizations platform severity unauthorized unauthorized access vmware vrealize vrealize automation vulnerability warning workflows