gsd - gsd-2023-34063

gsd-2023-34063

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

Aliases

CVE-2023-34063

Aliases

CVE-2023-34063

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-34063",
    "id": "GSD-2023-34063"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-34063"
      ],
      "details": "Aria Automation contains a Missing Access Control vulnerability.\n\n\nAn authenticated malicious actor may \nexploit this vulnerability leading to unauthorized access to remote \norganizations and workflows.\n\n",
      "id": "GSD-2023-34063",
      "modified": "2023-12-13T01:20:30.432659Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@vmware.com",
        "ID": "CVE-2023-34063",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "VMware Aria Automation, VMware Cloud Foundation",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Aria Automation 8.14.1, Aria Automation 8.14.0, Aria Automation 8.13.1, Aria Automation 8.13.0, Aria Automation 8.12.2, Aria Automation 8.12.1, Aria Automation 8.12.0, Aria Automation 8.11.2, Aria Automation 8.11.1, Aria Automation 8.11.0      "
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "N/A"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Aria Automation contains a Missing Access Control vulnerability.\n\n\nAn authenticated malicious actor may \nexploit this vulnerability leading to unauthorized access to remote \norganizations and workflows.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "VMware Aria Automation Missing Access Control Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html",
            "refsource": "MISC",
            "url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:vmware:aria_automation:8.11.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "183DC197-4FF2-4B84-B0E8-666E49CC9DDF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:vmware:aria_automation:8.11.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2849AEA0-B419-4096-B1D8-796686CE4C56",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:vmware:aria_automation:8.11.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CFFC657E-8780-46FE-AC01-22F8CFF196C9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:vmware:aria_automation:8.12.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "91E0F535-5F30-495E-9974-2C2F65ED94EE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:vmware:aria_automation:8.12.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C8B7BAD1-8544-491E-B41F-B4CD4E2B3754",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:vmware:aria_automation:8.12.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FF9CA281-ACE8-4768-A5EC-EB29111CD3EC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:vmware:aria_automation:8.13.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AB173C24-3DDA-46CA-9B80-9A2C4EB73768",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:vmware:aria_automation:8.13.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "24986636-3F4B-46CF-A374-0D006216731F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:vmware:aria_automation:8.14.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FB6E2175-E4C2-46A7-9D37-E37A8239B16D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:vmware:aria_automation:8.14.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6F48CE31-68D2-4FE8-9BB2-ADC85259552A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D3D640F9-7733-415F-8BA7-DC41658EDC76",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Aria Automation contains a Missing Access Control vulnerability.\n\n\nAn authenticated malicious actor may \nexploit this vulnerability leading to unauthorized access to remote \norganizations and workflows.\n\n"
          },
          {
            "lang": "es",
            "value": "Aria Automation contiene una vulnerabilidad de control de acceso faltante. Un actor malicioso autenticado puede explotar esta vulnerabilidad y provocar acceso no autorizado a organizaciones y workflows remotos."
          }
        ],
        "id": "CVE-2023-34063",
        "lastModified": "2024-01-25T16:22:30.063",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.5,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.1,
              "impactScore": 6.0,
              "source": "security@vmware.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-16T10:15:07.347",
        "references": [
          {
            "source": "security@vmware.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html"
          }
        ],
        "sourceIdentifier": "security@vmware.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-862"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

CVE-2023-34063 (GCVE-0-2023-34063)

Vulnerability from cvelistv5

Published

2024-01-16 09:10

Modified

2025-06-20 17:02

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

CWE

VMware Aria Automation Missing Access Control Vulnerability

Summary

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

References

►

URL

Tags

https://www.vmware.com/security/advisories/VMSA-2024-0001.html

Impacted products

	Vendor	Product	Version
	N/A	VMware Aria Automation, VMware Cloud Foundation	Version: Aria Automation 8.14.1, Aria Automation 8.14.0, Aria Automation 8.13.1, Aria Automation 8.13.0, Aria Automation 8.12.2, Aria Automation 8.12.1, Aria Automation 8.12.0, Aria Automation 8.11.2, Aria Automation 8.11.1, Aria Automation 8.11.0

Show details on NVD website