CVE-2023-34063

Summary

Aria Automation contains a Missing Access Control vulnerability.

An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

Affected Software

VendorProductVersion RangeStatus
N/AVMware Aria Automation, VMware Cloud FoundationAria Automation 8.14.1, Aria Automation 8.14.0, Aria Automation 8.13.1, Aria Automation 8.13.0, Aria Automation 8.12.2, Aria Automation 8.12.1, Aria Automation 8.12.0, Aria Automation 8.11.2, Aria Automation 8.11.1, Aria Automation 8.11.0affected

Weaknesses

  • VMware Aria Automation Missing Access Control Vulnerability

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References