VMware Patches Critical SQL-Injection Flaw in Aria Automation

July 10, 2024 at 12:54PM

VMware, owned by Broadcom, has issued patches for a high-risk SQL-injection vulnerability in Aria Automation that allows an authenticated malicious user to manipulate the product's database. Tracked as CVE-2024-22280, the flaw permits unauthorized read and write operations in the database through specially crafted SQL queries. The bug carries a CVSS severity score of 8.5/10 and affects specific VMware products. Source: VMware advisory.

Key takeaways are as follows:

– The VMware Aria Automation product has been patched to address a high-risk SQL-injection vulnerability (CVE-2024-22280).
– The advisory rates the severity of the vulnerability as “high”, with a CVSS score of 8.5/10.
– Affected products include VMware Aria Automation version 8.x and VMware Cloud Foundation versions 5.x and 4.x.
– The vulnerability allows unauthorized read and write operations in the database through specially crafted SQL queries.
– The bug was privately reported by researchers at Quebec’s Centre Gouvernemental de Cyberdéfense (CGCD).

In addition, the notes highlight related security concerns and incidents, reflecting ongoing efforts to address and mitigate potential vulnerabilities.