VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
References
Link | Resource |
---|---|
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24598 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Jul 2024, 17:01
Type | Values Removed | Values Added |
---|---|---|
First Time |
Vmware aria Automation
Vmware cloud Foundation Vmware |
|
CWE | CWE-89 | |
References | () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24598 - Vendor Advisory | |
CPE | cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:* cpe:2.3:a:vmware:aria_automation:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
11 Jul 2024, 13:05
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Jul 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-11 05:15
Updated : 2024-07-12 17:01
NVD link : CVE-2024-22280
Mitre link : CVE-2024-22280
CVE.ORG link : CVE-2024-22280
JSON object : View
Products Affected
vmware
- cloud_foundation
- aria_automation
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')