VMware warns that authenticated malicious users could enter specially crafted SQL queries and perform unauthorized read/write operations in the database.
July 10, 2024 By Ryan Naraine
Broadcom-owned VMware on Wednesday pushed out patches for a high-risk SQL-injection vulnerability in its Aria Automation product and warned that an authenticated malicious user could target the flaw to manipulate databases.
The vulnerability, tracked as CVE-2024-22280, allows for unauthorized read and write operations in the database through specially crafted SQL queries, VMware said in an advisory with a “high-severity” rating.
The bug carries a CVSS severity score of 8.5/10.
Affected products include VMware Aria Automation version 8.x, and VMware Cloud Foundation versions 5.x and 4.x.