■■■□□ VMware has fixed the critical SQL injection vulnerability CVE-2024-22280 (CVSS 8.5) in Aria Automation.
VMware Aria Automation is a modern cloud automation platform that simplifies and streamlines the deployment, management and governance of cloud infrastructure and applications.
It provides a unified platform for automating tasks across multiple cloud environments, including VMware Cloud on AWS, VMware Cloud on Azure, and VMware Cloud Foundation.
An authenticated attacker could exploit the vulnerability by injecting specially crafted SQL queries to perform unauthorized read/write operations on the database.
Discovered by researchers at the Canadian Government Cyber Defense Center (CGCD), the vulnerability affects VMware Aria Automation version 8.x and Cloud Foundation versions 5.x and 4.x.
VMware states that there are no workarounds for this issue; applying the patches is recommended to resolve CVE-2024-22280.
https://t.me/cKure/14399