VMware Aria Automation (formerly vRealize Automation) is a modern cloud automation platform that simplifies and streamlines the deployment, management, and governance of cloud infrastructure and applications. It provides a unified platform for automating tasks across multiple cloud environments, including VMware Cloud on AWS, VMware Cloud on Azure, and VMware Cloud Foundation.
VMware addressed a critical vulnerability, tracked as (CVSS score 9.9), that impacted its Aria Automation platform.
The issue is a missing access control vulnerability that can be exploited by an authenticated attacker actor to gain unauthorized access to remote organizations and workflows.
“Aria Automation contains a Missing Access Control vulnerability.” . “An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.”
The vulnerability was discovered by Commonwealth Scientific and Industrial Research Organisation’s (CSIRO) Scientific Computing Platforms team.
The vulnerability CVE-2023-34063 affects versions before 8.16 and Cloud Foundation.
VMware strongly recommends customers update their installs to platform version 8.16.
Follow me on Twitter: and and Mastodon
(SecurityAffairs – hacking, VMware)