VMware has taken decisive action to address a critical security vulnerability discovered in its Aria Automation platform, formerly known as vRealize Automation, by swiftly releasing patches for a severe SQL-Injection flaw identified as CVE-2024-22280. This vulnerability, assigned a CVSSv3 base score of 8.5, represents a significant risk as it allows authenticated attackers to execute unauthorized database operations through maliciously crafted SQL queries. The impacted software versions include VMware Aria Automation 8.x and VMware Cloud Foundation 5.x and 4.x, crucial components integral to VMware’s comprehensive suite for managing and automating cloud infrastructure across various environments.
The identification and responsible disclosure of CVE-2024-22280 were credited to Alexandre Lavoie and Felix Boulet of the Canadian Centre gouvernemental de cyberdéfense (CGCD), highlighting the collaborative efforts between independent cybersecurity researchers and industry leaders to enhance digital security practices. VMware has stressed the critical importance of immediately applying the provided security patches, emphasizing that there are currently no viable workarounds available to mitigate the vulnerability’s exploitation. This proactive response aims to preempt potential threats posed by malicious actors seeking to exploit the vulnerability for unauthorized access to sensitive data or disruption of essential cloud operations.
This incident underscores VMware’s ongoing commitment to maintaining rigorous security standards across its product portfolio. Earlier this year, VMware addressed another critical vulnerability, CVE-2023-34063, affecting the Aria Automation platform, demonstrating a proactive stance in fortifying its cloud automation solutions against emerging cyber threats. In addition to addressing the CVE-2024-22280 SQL-Injection vulnerability, VMware has reinforced its commitment to proactive cybersecurity measures by enhancing detection capabilities and bolstering incident response protocols.
Reference:
