VMware alerts customers to critical issues in Aria Automation
Take action: This is a very serious issue, but in order to exploit it one still has to be authenticated. Lock down the Aria Automation platform to trusted network access, enforce complex passwords and MFA or SSO and then plan to patch as soon as reasonably possible.
Learn More
VMware is alerting its customers to patch a critical vulnerabilityidentified in its Aria Automation platform, previously known as vRealize Automation.
The vulnerability, tracked as CVE-2023-34063 (CCVSS score 9.9) is present in versions of Aria Automation up to 8.16 and also affects Cloud Foundation. Described as a missing access control issue, it allows authenticated attackers to gain unauthorized access to remote organizations and workflows.
While there are no reports of this vulnerability being exploited in the wild, VMware's advisory underscores the importance of the update, given the track record of threat actors exploiting VMware product vulnerabilities. .
