CVE-2023-34063 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2023-34063

Aria Automation contains a Missing Access Control vulnerability.

An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

Published: Jan 16, 2024
Updated: Jan 26, 2024
CVE: CVE-2023-34063
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
vmware / cloud_foundation	4.0	4.0.x
vmware / cloud_foundation	5.0	5.0.x
vmware / aria_automation	8.11.0	8.11.0.x
vmware / aria_automation	8.11.1	8.11.1.x
vmware / aria_automation	8.11.2	8.11.2.x
vmware / aria_automation	8.12.2	8.12.2.x
vmware / aria_automation	8.12.0	8.12.0.x
vmware / aria_automation	8.12.1	8.12.1.x
vmware / aria_automation	8.13.0	8.13.0.x
vmware / aria_automation	8.13.1	8.13.1.x
vmware / aria_automation	8.14.1	8.14.1.x
vmware / aria_automation	8.14.0	8.14.0.x

https://www.vmware.com/security/advisories/VMSA-2024-0001.html