CVE-2024-22280 – VMware Aria Automation Vulnerability

Severity

High

Analysis Summary

CVE-2024-22280

VMware Aria Automation is vulnerable to SQL injection. A remote authenticated attacker could send specially crafted SQL statements, which could allow the attacker to perform unauthorized read/write operations in the database.

Impact

Data Manipulation

Indicators of Compromise

CVE

CVE-2024-22280

Affected Vendors

VMWare

Affected Products

VMware Cloud Foundation 4.0
VMware Cloud Foundation 5.0
VMware Aria Automation 8.11
VMware Aria Automation 8.12
VMware Aria Automation 8.13
VMware Aria Automation 8.14

Remediation

Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.

VMware Security Advisory

Multiple SAP Products Vulnerabilities

NuGet Supply Chain Attack Reveals 60 New Malicious Packages – Active IOCs

CVE-2024-22280 – VMware Aria Automation Vulnerability

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan