Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor mayexploit this vulnerability leading to unauthorized access to remoteorganizations and workflows.
9.9CVSS
8.1AI Score
0.0004EPSS
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
8.5CVSS
9.4AI Score
0.0005EPSS