Aria Automation Security Vulnerabilities

CVE-2023-34063

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor mayexploit this vulnerability leading to unauthorized access to remoteorganizations and workflows.

CVE-2024-22280

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.