{"uuid": "ec97e6a5-b8c9-478c-a222-b5f3dd1a56e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-22280", "type": "seen", "source": "https://t.me/cKure/13263", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 VMware has fixed the critical SQL injection vulnerability CVE-2024-22280 (CVSS 8.5) in Aria Automation.\n\nVMware Aria Automation is a modern cloud automation platform that simplifies and streamlines the deployment, management and governance of cloud infrastructure and applications.\n\nIt provides a unified platform for automating tasks across multiple cloud environments, including VMware Cloud on AWS, VMware Cloud on Azure, and VMware Cloud Foundation.\n\nAn authenticated attacker could exploit the vulnerability by injecting specially crafted SQL queries and performing unauthorized read/write operations on the database.\n\nDiscovered by researchers at the Canadian Government Cyber Defense Center (CGCD), the vulnerability affects VMware Aria Automation version 8.x and Cloud Foundation versions 5.x and 4.x.\n\nVMware states that there are no workarounds for this issue and patches are recommended to resolve CVE-2024-22280.", "creation_timestamp": "2024-07-11T22:32:12.000000Z"}