CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

vmware

aria_automation

3 known vulnerabilities · sorted by CVSS score

CVE-2023-34063

CRITICAL9.9

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

vmware / aria_automation+11

Network

Published Jan 16, 2024

CVE-2024-22280

HIGH8.5

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.

vmware / aria_automation+1

Network

Published Jul 11, 2024

CVE-2025-22249

HIGH8.2

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.

vmware / aria_automation+4

Network

Published May 13, 2025