3 matches found
CVE-2023-34063
VMware Aria Automation (formerly vRealize Automation) is affected by CVE-2023-34063 due to a Missing Access Control flaw. An authenticated attacker could gain unauthorized access to remote organizations and workflows. The vulnerability affects Aria Automation prior to fixed builds; no exploit det...
CVE-2025-22249
CVE-2025-22249 is a DOM-based Cross‑Site Scripting (XSS) flaw in VMware Aria Automation. Affected product: VMware Aria Automation (8.18.x line). Root cause: DOM-based XSS that enables an attacker to steal the access token of a logged-in user by convincing the user to click a malicious crafted pay...
CVE-2024-22280
CVE-2024-22280 affects VMware Aria Automation. The issue is an SQL injection due to improper input validation, enabling an authenticated attacker to perform unauthorized read/write operations in the database. Reported impact indicates network access with low privileges and no user interaction nee...