CVE-2024-22280

HIGH

VMware Aria Automation - SQL Injection

Title source: llm

Description

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.

References (1)

Scores

CVSS v3 8.5
EPSS 0.0191
EPSS Percentile 83.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Classification

CWE
CWE-89
Status published

Affected Products (2)

vmware/aria_automation < 8.17.0
vmware/cloud_foundation < 5.0

Timeline

Published Jul 11, 2024
Tracked Since Feb 18, 2026