Critical Vulnerability in VMware Aria Automation Addressed: Immediate Update Recommended

January 16, 2024

VMware has recently addressed a serious security flaw in its Aria Automation platform, which was previously known as vRealize Automation. This platform is a contemporary solution for cloud automation that simplifies the deployment, management, and governance of cloud infrastructure and applications. It offers a unified platform for task automation across various cloud environments, including VMware Cloud on AWS, VMware Cloud on Azure, and VMware Cloud Foundation.

The vulnerability, designated as CVE-2023-34063 and assigned a CVSS score of 9.9, impacted the Aria Automation platform. This flaw is a missing access control vulnerability that, if exploited, could enable an authenticated malicious actor to gain unauthorized access to remote organizations and workflows. The advisory stated that “Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.”

This security flaw was discovered by the Scientific Computing Platforms team at the Commonwealth Scientific and Industrial Research Organisation (CSIRO). The CVE-2023-34063 vulnerability affects Aria Automation versions prior to 8.16 and Cloud Foundation. VMware has strongly urged its customers to update their installations to platform version 8.16 to protect against this vulnerability.

Latest News

• Androxgh0st Malware Botnet Targets AWS and Microsoft Credentials: FBI and CISA Alert
• Critical RCE Vulnerability Found in Older Atlassian Confluence Versions
• Ivanti's Connect Secure VPN and Policy Secure NAC Appliances Face Mass Exploitation
• Over 178,000 SonicWall Firewalls Exposed to Potential Hacks Due to Unpatched Vulnerabilities
• Phemedrone Malware Campaign Exploits Windows SmartScreen Bypass Vulnerability