CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22280 – VMSA-2024-0017: VMware Aria Automation updates address SQL-injection vulnerability (CVE-2024-22280)
https://notcve.org/view.php?id=CVE-2024-22280
11 Jul 2024 — VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. VMware Aria Automation no aplica la validación de entrada correcta que permite la inyección de SQL en el producto. Un usuario malintencionado autenticado podría ingresar consultas SQL especialmente manipuladas y realizar operaciones de lectura/escritura no autoriz... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24598 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.9EPSS: 0%CPEs: 12EXPL: 0CVE-2023-34063
https://notcve.org/view.php?id=CVE-2023-34063
16 Jan 2024 — Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. Aria Automation contiene una vulnerabilidad de control de acceso faltante. Un actor malicioso autenticado puede explotar esta vulnerabilidad y provocar acceso no autorizado a organizaciones y workflows remotos. • https://www.vmware.com/security/advisories/VMSA-2024-0001.html • CWE-862: Missing Authorization •