CVE-2023-34063 - OpenCVE

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Vmware	Cloud Foundation Aria Automation

Configuration 1 [-]

OR	cpe:2.3:a:vmware:aria_automation:8.11.0:::::::*
	cpe:2.3:a:vmware:aria_automation:8.11.1:::::::*
	cpe:2.3:a:vmware:aria_automation:8.11.2:::::::*
	cpe:2.3:a:vmware:aria_automation:8.12.0:::::::*
	cpe:2.3:a:vmware:aria_automation:8.12.1:::::::*
	cpe:2.3:a:vmware:aria_automation:8.12.2:::::::*
	cpe:2.3:a:vmware:aria_automation:8.13.0:::::::*
	cpe:2.3:a:vmware:aria_automation:8.13.1:::::::*
	cpe:2.3:a:vmware:aria_automation:8.14.0:::::::*
	cpe:2.3:a:vmware:aria_automation:8.14.1:::::::*
	cpe:2.3:a:vmware:cloud_foundation:4.0:::::::*
	cpe:2.3:a:vmware:cloud_foundation:5.0:::::::*

References

Link	Resource
https://www.vmware.com/security/advisories/VMSA-2024-0001.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: vmware

Published: 2024-01-16T09:10:09.738Z

Updated: 2024-01-16T09:10:09.738Z

Reserved: 2023-05-25T17:21:56.204Z

Link: CVE-2023-34063

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-16T10:15:07.347

Modified: 2024-01-25T16:22:30.063

Link: CVE-2023-34063

JSON object: View

Redhat Information

No data.

CWE

CWE-862

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:aria_automation:8.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "183DC197-4FF2-4B84-B0E8-666E49CC9DDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "2849AEA0-B419-4096-B1D8-796686CE4C56", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFFC657E-8780-46FE-AC01-22F8CFF196C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "91E0F535-5F30-495E-9974-2C2F65ED94EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C8B7BAD1-8544-491E-B41F-B4CD4E2B3754", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "FF9CA281-ACE8-4768-A5EC-EB29111CD3EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB173C24-3DDA-46CA-9B80-9A2C4EB73768", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "24986636-3F4B-46CF-A374-0D006216731F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB6E2175-E4C2-46A7-9D37-E37A8239B16D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F48CE31-68D2-4FE8-9BB2-ADC85259552A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3D640F9-7733-415F-8BA7-DC41658EDC76", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Aria Automation contains a Missing Access Control vulnerability.\n\n\nAn authenticated malicious actor may \nexploit this vulnerability leading to unauthorized access to remote \norganizations and workflows.\n\n"}, {"lang": "es", "value": "Aria Automation contiene una vulnerabilidad de control de acceso faltante. Un actor malicioso autenticado puede explotar esta vulnerabilidad y provocar acceso no autorizado a organizaciones y workflows remotos."}], "id": "CVE-2023-34063", "lastModified": "2024-01-25T16:22:30.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2024-01-16T10:15:07.347", "references": [{"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}