CVE-2023-34063 - Vulnerability Details - OpenCVE

Aria Automation contains a Missing Access Control vulnerability.

An authenticated malicious actor may
exploit this vulnerability leading to unauthorized access to remote
organizations and workflows.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00171.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Vmware	Aria Automation Cloud Foundation

Configuration 1 [-]

OR	cpe:2.3:a:vmware:aria_automation:8.11.0:::::::*
	cpe:2.3:a:vmware:aria_automation:8.11.1:::::::*
	cpe:2.3:a:vmware:aria_automation:8.11.2:::::::*
	cpe:2.3:a:vmware:aria_automation:8.12.0:::::::*
	cpe:2.3:a:vmware:aria_automation:8.12.1:::::::*
	cpe:2.3:a:vmware:aria_automation:8.12.2:::::::*
	cpe:2.3:a:vmware:aria_automation:8.13.0:::::::*
	cpe:2.3:a:vmware:aria_automation:8.13.1:::::::*
	cpe:2.3:a:vmware:aria_automation:8.14.0:::::::*
	cpe:2.3:a:vmware:aria_automation:8.14.1:::::::*
	cpe:2.3:a:vmware:cloud_foundation:4.0:::::::*
	cpe:2.3:a:vmware:cloud_foundation:5.0:::::::*

No data.

No data.

References

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2024-0001.html

History

Fri, 20 Jun 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-01-16T09:10:09.738Z

Updated: 2025-06-20T17:02:26.911Z

Reserved: 2023-05-25T17:21:56.204Z

Link: CVE-2023-34063

Vulnrichment

Updated: 2024-08-02T16:01:53.537Z

NVD

Status : Modified

Published: 2024-01-16T10:15:07.347

Modified: 2025-06-20T17:15:30.883

Link: CVE-2023-34063

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34063", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2023-05-25T17:21:56.204Z", "datePublished": "2024-01-16T09:10:09.738Z", "dateUpdated": "2025-06-20T17:02:26.911Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VMware Aria Automation, VMware Cloud Foundation", "vendor": "N/A", "versions": [{"status": "affected", "version": "Aria Automation 8.14.1, Aria Automation 8.14.0, Aria Automation 8.13.1, Aria Automation 8.13.0, Aria Automation 8.12.2, Aria Automation 8.12.1, Aria Automation 8.12.0, Aria Automation 8.11.2, Aria Automation 8.11.1, Aria Automation 8.11.0 "}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nAria Automation contains a Missing Access Control vulnerability.\n\n\nAn authenticated malicious actor may \nexploit this vulnerability leading to unauthorized access to remote \norganizations and workflows.\n\n"}], "value": "Aria Automation contains a Missing Access Control vulnerability.\n\n\nAn authenticated malicious actor may \nexploit this vulnerability leading to unauthorized access to remote \norganizations and workflows.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "VMware Aria Automation Missing Access Control Vulnerability", "lang": "en"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-01-16T09:10:09.738Z"}, "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:01:53.537Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-16T20:17:51.196207Z", "id": "CVE-2023-34063", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-20T17:02:26.911Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:01:53.537Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-34063", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-16T20:17:51.196207Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-20T17:02:23.282Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "N/A", "product": "VMware Aria Automation, VMware Cloud Foundation", "versions": [{"status": "affected", "version": "Aria Automation 8.14.1, Aria Automation 8.14.0, Aria Automation 8.13.1, Aria Automation 8.13.0, Aria Automation 8.12.2, Aria Automation 8.12.1, Aria Automation 8.12.0, Aria Automation 8.11.2, Aria Automation 8.11.1, Aria Automation 8.11.0 "}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Aria Automation contains a Missing Access Control vulnerability.\n\n\nAn authenticated malicious actor may \nexploit this vulnerability leading to unauthorized access to remote \norganizations and workflows.\n\n", "supportingMedia": [{"type": "text/html", "value": "\nAria Automation contains a Missing Access Control vulnerability.\n\n\nAn authenticated malicious actor may \nexploit this vulnerability leading to unauthorized access to remote \norganizations and workflows.\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "VMware Aria Automation Missing Access Control Vulnerability"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-01-16T09:10:09.738Z"}}}, "cveMetadata": {"cveId": "CVE-2023-34063", "state": "PUBLISHED", "dateUpdated": "2025-06-20T17:02:26.911Z", "dateReserved": "2023-05-25T17:21:56.204Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-01-16T09:10:09.738Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:aria_automation:8.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "183DC197-4FF2-4B84-B0E8-666E49CC9DDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "2849AEA0-B419-4096-B1D8-796686CE4C56", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFFC657E-8780-46FE-AC01-22F8CFF196C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "91E0F535-5F30-495E-9974-2C2F65ED94EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C8B7BAD1-8544-491E-B41F-B4CD4E2B3754", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "FF9CA281-ACE8-4768-A5EC-EB29111CD3EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB173C24-3DDA-46CA-9B80-9A2C4EB73768", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "24986636-3F4B-46CF-A374-0D006216731F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB6E2175-E4C2-46A7-9D37-E37A8239B16D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:aria_automation:8.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F48CE31-68D2-4FE8-9BB2-ADC85259552A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3D640F9-7733-415F-8BA7-DC41658EDC76", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Aria Automation contains a Missing Access Control vulnerability.\n\n\nAn authenticated malicious actor may \nexploit this vulnerability leading to unauthorized access to remote \norganizations and workflows.\n\n"}, {"lang": "es", "value": "Aria Automation contiene una vulnerabilidad de control de acceso faltante. Un actor malicioso autenticado puede explotar esta vulnerabilidad y provocar acceso no autorizado a organizaciones y workflows remotos."}], "id": "CVE-2023-34063", "lastModified": "2025-06-20T17:15:30.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security@vmware.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-16T10:15:07.347", "references": [{"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}