VMware Aria Automation vulnerability gives hackers opportunity for SQL injection attacks

VMware has patched a high-severity SQL injection vulnerability in its Aria Automation product, tracked as CVE-2024-22280 and rated 8.5 out of 10 on the CVSS scale. The flaw lets an authenticated attacker perform unauthorized database operations. Affected products are VMware Aria Automation 8.x and VMware Cloud Foundation 5.x and 4.x.

The root cause is improper validation of user-supplied input in Aria Automation: an authenticated user can submit specially crafted input that is interpreted as part of a SQL statement, allowing database activity the application never intended to expose. Because the attacker needs valid credentials, the realistic threat is a malicious insider or a compromised account with access to the Aria Automation interface. Researchers Alexandre Lavoie and Felix Boulet of the Centre Gouvernemental de Cyberdéfense (CGCD) in Quebec reported the vulnerability to VMware, which released patches in response.
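The pattern the advisory describes, as an added example that is not Aria Automation's code: an authenticated caller's filter is concatenated into a query, so the caller can break out of the string literal and defeat the ownership check that was supposed to scope results. The parameterised form and the allow-listed identifier form beside it are the standard fixes. It runs against an in-memory SQLite database; the table, rows, user names and `secret` column are constructed for the demo.

```python
"""Added example (not Aria Automation's code): an authenticated SQL injection
against string-built SQL, next to the parameterised and allow-listed forms
that close it. The database, table, rows and user names are constructed."""
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str, str]

# Allow-list for identifiers: column names cannot be bound as parameters,
# so they must be validated before being interpolated into SQL text.
ALLOWED_SORT_COLUMNS = {"id", "name", "owner"}

# Constructed attacker input: closes the LIKE literal, ORs in a tautology and
# comments out the rest of the statement, so the owner check no longer applies.
INJECTION = "' OR 1=1 --"


def make_db() -> sqlite3.Connection:
    """Build the constructed sample database: deployments owned by two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE deployments "
        "(id INTEGER PRIMARY KEY, owner TEXT, name TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO deployments (owner, name, secret) VALUES (?, ?, ?)",
        [("alice", "web-tier", "alice-api-token"),
         ("bob", "db-tier", "bob-api-token")],
    )
    conn.commit()
    return conn


def list_deployments_vulnerable(conn: sqlite3.Connection,
                                caller: str, name_filter: str) -> List[Row]:
    """Vulnerable: the authenticated caller's filter is pasted into the SQL text.
    The owner = caller clause is the only thing scoping rows to the caller."""
    sql = (
        "SELECT owner, name, secret FROM deployments "
        f"WHERE owner = '{caller}' AND name LIKE '%{name_filter}%'"
    )
    return conn.execute(sql).fetchall()


def list_deployments_safe(conn: sqlite3.Connection,
                          caller: str, name_filter: str) -> List[Row]:
    """Hardened: bound parameters travel separately from the SQL text, so quotes
    and comment markers in the filter are data, never syntax."""
    sql = ("SELECT owner, name, secret FROM deployments "
           "WHERE owner = ? AND name LIKE ?")
    return conn.execute(sql, (caller, f"%{name_filter}%")).fetchall()


def list_deployments_sorted(conn: sqlite3.Connection,
                            caller: str, sort_by: str) -> List[Row]:
    """Identifiers cannot be parameterised; validate them against an allow-list
    before interpolating. This is the input validation the advisory refers to."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    sql = ("SELECT owner, name, secret FROM deployments "
           f"WHERE owner = ? ORDER BY {sort_by}")
    return conn.execute(sql, (caller,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # bob owns one row, but the injected filter also returns alice's secret.
    print("vulnerable:", list_deployments_vulnerable(db, "bob", INJECTION))
    print("safe:      ", list_deployments_safe(db, "bob", INJECTION))
    print("sorted:    ", list_deployments_sorted(db, "bob", "name"))
```

With the injected filter the vulnerable query becomes `WHERE owner = 'bob' AND name LIKE '%' OR 1=1 --%'`, and since `AND` binds tighter than `OR` every row is returned, another user's secret included. The parameterised query treats the same input as a literal pattern and returns nothing.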

Administrators should move to a fixed release as soon as possible. For Aria Automation releases before 8.17.0, VMware has published dedicated patches. To determine whether a given system is exposed to CVE-2024-22280, follow the steps in VMware's knowledge base article, which include reading the installed version from the appliance over an SSH session and comparing it against the affected ranges.

Aria Automation 8.17.0 and later are not affected. For releases 8.13.0 through 8.16.2, apply the patch for that specific release listed in the VMware knowledge base article. VMware Cloud Foundation 5.x and 4.x users should confirm that the CVE-2024-22280 patch has been applied to their Aria Automation deployment.
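The version triage described above, as an added example rather than VMware's own tooling: it maps a fleet of reported version strings onto the ranges stated in this article (8.13.0 through 8.16.2 need the listed patch, 8.17.0 and later are not affected, any other 8.x build should be checked against the VMware KB article). Collecting the version string from each appliance is left to the operator; the host list is constructed and the exact SSH command is not part of this example.

```python
"""Added example (not VMware's tooling): classify Aria Automation version
strings against the ranges given in the article. The host inventory below is
constructed; how the version is collected from each appliance is out of scope."""
from typing import Dict, Tuple

Version = Tuple[int, int, int]

PATCH_LOW: Version = (8, 13, 0)    # lowest release with a listed patch
PATCH_HIGH: Version = (8, 16, 2)   # highest release with a listed patch
FIXED_FROM: Version = (8, 17, 0)   # first release the article says is not affected

# Constructed inventory: hostname -> version string as reported by the appliance.
SAMPLE_HOSTS: Dict[str, str] = {
    "aria-prod-01": "8.17.0",
    "aria-prod-02": "8.16.2.33067",
    "aria-lab-01": "8.13.0",
    "aria-legacy-01": "8.12.2",
    "vra-old-01": "7.6.0",
}


def parse_version(text: str) -> Version:
    """Keep the first three numeric fields of strings such as '8.16.2' or
    '8.16.2.33067'; anything else is rejected rather than guessed."""
    fields = text.strip().split(".")
    if len(fields) < 3 or not all(f.isdigit() for f in fields[:3]):
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(fields[0]), int(fields[1]), int(fields[2])


def classify(text: str) -> str:
    """Return the action for one version string, using only the article's ranges."""
    v = parse_version(text)
    if v >= FIXED_FROM:
        return "not affected"
    if PATCH_LOW <= v <= PATCH_HIGH:
        return "affected: apply the CVE-2024-22280 patch for this release"
    if v[0] == 8:
        # The article lists no patch for these builds but says 8.x is affected.
        return "affected: no patch listed for this release, check the VMware KB"
    return "out of scope: not an Aria Automation 8.x version string"


def triage(hosts: Dict[str, str]) -> Dict[str, str]:
    """Classify every host; unparsable strings are flagged instead of aborting."""
    result = {}
    for host, version in hosts.items():
        try:
            result[host] = classify(version)
        except ValueError as exc:
            result[host] = f"needs manual check: {exc}"
    return result


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_HOSTS).items():
        print(f"{host:16} {SAMPLE_HOSTS[host]:14} {verdict}")
```

Tuple comparison does the right thing here (8.16.2 sorts below 8.17.0 even though the string "8.16.2" sorts above "8.17.0" lexically), which is the usual mistake in ad hoc version checks.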

An unpatched system remains open to any authenticated user who can reach the Aria Automation interface, so the exposure should be treated as a compromised-account or insider risk and the patch or upgrade applied promptly.

Verifying the installed version rather than assuming it, and treating CVE-2024-22280 as a priority fix, is the practical way to keep the automation platform's database out of reach of a malicious or compromised account.

Article Source
https://cybersecuritynews.com/VMware-aria-automation-sql-injection/amp/