- Home
- Alerts & Advisories
- Alerts
- Active Exploitation of Critical Vulnerability in VMware's Aria Automation
Active Exploitation of Critical Vulnerability in VMware's Aria Automation
17 January 2024
VMware has released security updates addressing a critical vulnerability (CVE-2023-34063) in VMware Aria Automation. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.9 out of 10.
Successful exploitation of the missing access control vulnerability could allow an authenticated attacker to gain unauthorised access to remote organisations and workflows.
The vulnerability affects the following product versions:
• Aria Automation versions before 8.16
• Cloud Foundation versions 5.x and 4.x
Users and administrators of the affected products are advised to update to the latest product versions immediately.
More information is available here:
https://www.vmware.com/security/advisories/VMSA-2024-0001.html
https://nvd.nist.gov/vuln/detail/CVE-2023-34063
https://securityaffairs.com/157576/security/vmware-aria-automation.html