Critical Vulnerability in VMware Aria Automation Addressed: Immediate Update Recommended

January 16, 2024

VMware has recently addressed a serious security flaw in its Aria Automation platform, which was previously known as vRealize Automation. This platform is a contemporary solution for cloud automation that simplifies the deployment, management, and governance of cloud infrastructure and applications. It offers a unified platform for task automation across various cloud environments, including VMware Cloud on AWS, VMware Cloud on Azure, and VMware Cloud Foundation.

The vulnerability, tracked as CVE-2023-34063 and assigned a CVSS score of 9.9, is a missing access control flaw in Aria Automation. If exploited, it could enable an authenticated malicious actor to gain unauthorized access to remote organizations and workflows. The advisory stated that “Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.”

This security flaw was discovered by the Scientific Computing Platforms team at the Commonwealth Scientific and Industrial Research Organisation (CSIRO). CVE-2023-34063 affects Aria Automation versions prior to 8.16, as well as Cloud Foundation. VMware has strongly urged its customers to update their installations to platform version 8.16 to protect against this vulnerability.
