VMware Aria Automation vulnerabilities
3 known vulnerabilities affecting vmware/aria_automation.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3
Vulnerabilities
CVE-2025-22249 | HIGH | CVSS 8.2 | v8.18.0, v8.18.1 | 2025-05-13
CVE-2025-22249 [HIGH] CWE-79
VMware Aria Automation contains a DOM-based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged-in user of the VMware Aria Automation appliance by tricking the user into clicking a maliciously crafted payload URL.
Source: NVD
CVE-2024-22280 | HIGH | CVSS 8.1 | fixed in 8.17.0 | 2024-07-11
CVE-2024-22280 [HIGH] CWE-89
VMware Aria Automation does not apply correct input validation, which allows for SQL injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
Source: NVD
CVE-2023-34063 | HIGH | CVSS 8.3 | v8.11.0, v8.11.1, +8 more | 2024-01-16
CVE-2023-34063 [CRITICAL] CWE-862
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
Source: NVD