CVE-2023-34063

CRITICAL

Aria Automation - Privilege Escalation

Title source: llm

Description

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

References (1)

Scores

CVSS v3 9.9
EPSS 0.0017
EPSS Percentile 38.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

Classification

CWE
CWE-862
Status published

Affected Products (12)

vmware/aria_automation
vmware/aria_automation
vmware/aria_automation
vmware/aria_automation
vmware/aria_automation
vmware/aria_automation
vmware/aria_automation
vmware/aria_automation
vmware/aria_automation
vmware/aria_automation
vmware/cloud_foundation
vmware/cloud_foundation

Timeline

Published Jan 16, 2024
Tracked Since Feb 18, 2026