High-Severity Vulnerability in VMware Aria Automation Product

Published on 11 Jul 2024

VMware has released security updates to address a high-severity vulnerability (CVE-2024-22280) in their Aria Automation product.

Successful exploitation of this structured query language (SQL) injection vulnerability could allow an authenticated attacker to send specially crafted SQL queries and execute unauthorised read or write operations in the database.

The vulnerability affects the following product versions:
• VMware Aria Automation version 8.x
• VMware Cloud Foundation version 4.x
• VMware Cloud Foundation version 5.x

Users and administrators of affected product versions are advised to update to the latest versions immediately.

More information is available here: