VMware has released updates for Aria Automation, its multi-cloud infrastructure automation platform for public, private and hybrid clouds, to fix a critical vulnerability that could allow authenticated attackers to access remote organizations and workflows. VMware Cloud Foundation, a suite of software-defined services for setting up private clouds, is also impacted if the products were deployed using the Aria Suite Lifecycle Manager.
VMware describes the vulnerability (CVE-2023-34063) as a “missing access control” issue and rates it with 9.9 out of 10 on the CVSS severity scale. The flaw was privately reported to the company and VMware is not aware of any in-the-wild exploitation of the issue at this time.
