CVE-2023-34063
Description
Aria Automation contains a Missing Access Control vulnerability.
An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Aria Automation missing access control allows authenticated attackers to access remote organizations and workflows.
Vulnerability
A Missing Access Control vulnerability exists in VMware Aria Automation (formerly vRealize Automation). The flaw allows an authenticated malicious actor to bypass access controls. Affected versions include all versions prior to the fixed releases mentioned in VMSA-2024-0001 [1].
Exploitation
An attacker must have valid authentication to the Aria Automation instance. No special privileges beyond authentication are required. The attacker can then exploit the missing access control to gain unauthorized access to remote organizations and workflows [1].
Impact
Successful exploitation leads to unauthorized access to remote organizations and workflows, potentially allowing the attacker to view, modify, or disrupt automation processes across different tenants. The CVSSv3 score is 9.9, indicating critical severity [1].
Mitigation
VMware has released updates to remediate this vulnerability. Users should apply the patches as specified in VMSA-2024-0001. No workarounds are mentioned. The advisory was published on January 16, 2024 [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Aria/Aria Automationdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.