QID 379262
Date Published: 2024-01-29
QID 379262: VMware Aria Automation Missing Access Control Vulnerability
VMware Aria Automation is a platform that helps you automate the provisioning and management of infrastructure resources across multiple clouds. It provides a self-service catalog, a consistent infrastructure as a service (IaaS) consumption layer, and an idempotent REST API.
CVE-2023-34063: VMware Aria Automation contains a missing access control vulnerability.
Affected Versions:
VMware Aria Automation 8.14.x prior to patch number 23104270
VMware Aria Automation 8.13.x prior to patch number 23104357
VMware Aria Automation 8.12.x prior to patch number 23104358
VMware Aria Automation 8.11.x prior to patch number 23104361
Note: This QID does not support VMware Cloud Foundation and does not check for the 4.x and 5.x versions of Cloud Foundation mentioned in the vendor advisory.
QID Detection Logic (Authenticated):
This QID checks for vulnerable versions of VMware Aria Automation by extracting the version from the '/opt/vmware/etc/appliance-manifest.xml' file.
Successful exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to remote organizations and workflows.
- VMSA-2024-0001: www.vmware.com/security/advisories/VMSA-2024-0001.html
CVEs related to QID 379262
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| VMSA-2024-0001 | | | |