CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
9.8%
Aria Automation contains a Missing Access Control vulnerability.
An authenticated malicious actor may
exploit this vulnerability leading to unauthorized access to remote
organizations and workflows.
Vendor | Product | Version | CPE |
---|---|---|---|
vmware | aria_automation | 8.11.0 | cpe:2.3:a:vmware:aria_automation:8.11.0:*:*:*:*:*:*:* |
vmware | aria_automation | 8.11.1 | cpe:2.3:a:vmware:aria_automation:8.11.1:*:*:*:*:*:*:* |
vmware | aria_automation | 8.11.2 | cpe:2.3:a:vmware:aria_automation:8.11.2:*:*:*:*:*:*:* |
vmware | aria_automation | 8.12.0 | cpe:2.3:a:vmware:aria_automation:8.12.0:*:*:*:*:*:*:* |
vmware | aria_automation | 8.12.1 | cpe:2.3:a:vmware:aria_automation:8.12.1:*:*:*:*:*:*:* |
vmware | aria_automation | 8.12.2 | cpe:2.3:a:vmware:aria_automation:8.12.2:*:*:*:*:*:*:* |
vmware | aria_automation | 8.13.0 | cpe:2.3:a:vmware:aria_automation:8.13.0:*:*:*:*:*:*:* |
vmware | aria_automation | 8.13.1 | cpe:2.3:a:vmware:aria_automation:8.13.1:*:*:*:*:*:*:* |
vmware | aria_automation | 8.14.0 | cpe:2.3:a:vmware:aria_automation:8.14.0:*:*:*:*:*:*:* |
vmware | aria_automation | 8.14.1 | cpe:2.3:a:vmware:aria_automation:8.14.1:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "VMware Aria Automation, VMware Cloud Foundation",
"vendor": "N/A",
"versions": [
{
"status": "affected",
"version": "Aria Automation 8.14.1, Aria Automation 8.14.0, Aria Automation 8.13.1, Aria Automation 8.13.0, Aria Automation 8.12.2, Aria Automation 8.12.1, Aria Automation 8.12.0, Aria Automation 8.11.2, Aria Automation 8.11.1, Aria Automation 8.11.0 "
}
]
}
]
More