CVE-2023-34063

CRITICAL

Aria Automation - Privilege Escalation

Title source: llm

Description

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://www.vmware.com/security/advisories/VMSA-2024-0001.html

Scores

CVSS v3 9.9

EPSS 0.0017

EPSS Percentile 37.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (12)

vmware/aria_automation 8.11.0

vmware/aria_automation 8.11.1

vmware/aria_automation 8.11.2

vmware/aria_automation 8.12.0

vmware/aria_automation 8.12.1

vmware/aria_automation 8.12.2

vmware/aria_automation 8.13.0

vmware/aria_automation 8.13.1

vmware/aria_automation 8.14.0

vmware/aria_automation 8.14.1

... and 2 more

Published Jan 16, 2024

Tracked Since Feb 18, 2026